On Wed, Oct 22, 2014 at 12:59 PM, David Frank <bitinn at gmail.com> wrote: > Hello, > > I wanted to try out this particular setting for ocserv > > tls-priorities = "NONE:%SERVER_PRECEDENCE:PFS" > > PFS is only available on 3.3.x, but ubuntu only have GnuTLS 3.2.x package, so I build 3.3.9 from source, and during ./configure I saw this output: > configure: External hardware support: > > /dev/crypto: no > Hardware accel: x86-64 > Padlock accel: yes > PKCS#11 support: no > TPM support: no > > With GnuTLS installed, I try to configure and make ocserv, but saw this error: > sec-mod.o: In function `sec_mod_server': > /home/dev/tools/ocserv-0.8.6/src/sec-mod.c:458: undefined reference to `gnutls_pkcs11_reinit' > collect2: error: ld returned 1 exit status It seems that the OS installed library is queried in the ocserv's configure step, PKCS #11 is detected, and thus the error you see, as you don't have PKCS #11 in your compiled library. One option is to enable PKCS #11 support in your compiled library by installing p11-kit, the other is to somehow force configure to use your compiled library. regards, Nikos
