Nikos,

Time permits, try with a letsencrypt cert, with a self-signed one it doesn't complain.

Lucian

--
Sent from the Delta quadrant using Borg technology!

Nux!
www.nux.ro

----- Original Message -----
> From: "Nikos Mavrogiannopoulos" <n.mavrogiannopoulos at gmail.com>
> To: "Nux!" <nux at li.nux.ro>
> Cc: "openconnect-devel" <openconnect-devel at lists.infradead.org>
> Sent: Tuesday, 13 September, 2016 15:56:13
> Subject: Re: libhogweed.so.2 undefined symbol __gmpn_cnd_add_n

> That seems like some conflict between gmp and nettle. I cannot seem to
> be able to reproduce on updated centos7.
>
> On Mon, Sep 12, 2016 at 3:12 PM, Nux! <nux at li.nux.ro> wrote:
>> Hi,
>>
>> I am trying to use ocserv with a letsencrypt cert, however I get the following
>> error when trying to access it via https.
>>
>> It works just fine with self-signed certs.
>>
>> OS is CentOS7 with ocserv from EPEL, for versions check below.
>>
>> This is my config:
>>
>> [root at ocserv-vpn-test ~]# cat /etc/ocserv/ocserv.conf
>> auth = "plain[passwd=/etc/ocserv/ocpasswd]"
>> server-cert = /etc/letsencrypt/live/ocservtest.$DOMAIN/fullchain.pem
>> server-key = /etc/letsencrypt/live/ocservtest.$DOMAIN/privkey.pem
>> tcp-port = 443
>> udp-port = 443
>> dns = 8.8.8.8
>> dns = 8.8.4.4
>> try-mtu-discovery = true
>> cisco-client-compat = true
>> socket-file = ocserv.sock
>> device = vpns
>> ipv4-network = 192.168.1.0/24
>>
>>
>> This is what happens:
>>
>> [root at ocserv-vpn-test ~]# ocserv --config=/etc/ocserv/ocserv.conf -f -d 1
>> Setting 'plain' as primary authentication method
>> Setting 'file' as supplemental config option
>> listening (TCP) on 0.0.0.0:443...
>> listening (TCP) on [::]:443...
>> listening (UDP) on 0.0.0.0:443...
>> listening (UDP) on [::]:443...
>> ocserv[16784]: main: not using control unix socket
>> ocserv[16784]: main: initialized ocserv 0.11.4
>> ocserv[16785]: sec-mod: reading supplemental config from files
>> ocserv[16785]: sec-mod: sec-mod initialized (socket: ocserv.sock.16784)
>> ocserv: symbol lookup error: /lib64/libhogweed.so.2: undefined symbol:
>> __gmpn_cnd_add_n
>> ocserv[16784]: main: $IP:47952 user disconnected (reason: unspecified, rx: 0,
>> tx: 0)
>>
>>
>> Selinux is permissive.
>>
>>
>> [root at ocserv-vpn-test ~]# rpm -qi nettle gmp ocserv
>> Name        : nettle
>> Version     : 2.7.1
>> Release     : 4.el7
>> Architecture: x86_64
>> Install Date: Mon 12 Sep 2016 11:52:52 GMT
>> Group       : Development/Libraries
>> Size        : 764914
>> License     : LGPLv2+
>> Signature   : RSA/SHA256, Sat 14 Mar 2015 08:19:20 GMT, Key ID 24c6a8a7f4a80eb5
>> Source RPM  : nettle-2.7.1-4.el7.src.rpm
>> Build Date  : Fri 06 Mar 2015 04:10:21 GMT
>> Build Host  : worker1.bsys.centos.org
>> Relocations : (not relocatable)
>> Packager    : CentOS BuildSystem <http://bugs.centos.org>
>> Vendor      : CentOS
>> URL         : http://www.lysator.liu.se/~nisse/nettle/
>> Summary     : A low-level cryptographic library
>> Description :
>> Nettle is a cryptographic library that is designed to fit easily in more
>> or less any context: In crypto toolkits for object-oriented languages
>> (C++, Python, Pike, ...), in applications like LSH or GNUPG, or even in
>> kernel space.
>> Name        : gmp
>> Epoch       : 1
>> Version     : 5.1.1
>> Release     : 5.el7
>> Architecture: x86_64
>> Install Date: Tue 07 Oct 2014 08:57:55 GMT
>> Group       : System Environment/Libraries
>> Size        : 591695
>> License     : LGPLv3+
>> Signature   : RSA/SHA256, Fri 04 Jul 2014 01:35:49 GMT, Key ID 24c6a8a7f4a80eb5
>> Source RPM  : gmp-5.1.1-5.el7.src.rpm
>> Build Date  : Mon 09 Jun 2014 20:18:57 GMT
>> Build Host  : worker1.bsys.centos.org
>> Relocations : (not relocatable)
>> Packager    : CentOS BuildSystem <http://bugs.centos.org>
>> Vendor      : CentOS
>> URL         : http://gmplib.org/
>> Summary     : A GNU arbitrary precision library
>> Description :
>> The gmp package contains GNU MP, a library for arbitrary precision
>> arithmetic, signed integers operations, rational numbers and floating
>> point numbers. GNU MP is designed for speed, for both small and very
>> large operands. GNU MP is fast because it uses fullwords as the basic
>> arithmetic type, it uses fast algorithms, it carefully optimizes
>> assembly code for many CPUs' most common inner loops, and it generally
>> emphasizes speed over simplicity/elegance in its operations.
>>
>> Install the gmp package if you need a fast arbitrary precision
>> library.
>> Name        : ocserv
>> Version     : 0.11.4
>> Release     : 1.el7
>> Architecture: x86_64
>> Install Date: Mon 12 Sep 2016 11:53:32 GMT
>> Group       : Unspecified
>> Size        : 1143904
>> License     : GPLv2+ and BSD and MIT and CC0
>> Signature   : RSA/SHA256, Fri 05 Aug 2016 12:35:10 GMT, Key ID 6a2faea2352c64e5
>> Source RPM  : ocserv-0.11.4-1.el7.src.rpm
>> Build Date  : Fri 05 Aug 2016 11:32:44 GMT
>> Build Host  : buildvm-19.phx2.fedoraproject.org
>> Relocations : (not relocatable)
>> Packager    : Fedora Project
>> Vendor      : Fedora Project
>> URL         : http://www.infradead.org/ocserv/
>> Summary     : OpenConnect SSL VPN server
>> Description :
>> OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a
>> secure, small, fast and configurable VPN server. It implements the OpenConnect
>> SSL VPN protocol, and has also (currently experimental) compatibility with
>> clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol
>> uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS
>> to provide the secure VPN service.
>>
>>
>> --
>> Sent from the Delta quadrant using Borg technology!
>>
>> Nux!
>> www.nux.ro
>>
>> _______________________________________________
>> openconnect-devel mailing list
>> openconnect-devel at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/openconnect-devel
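
An added example, not part of the original thread or of ocserv: one way to check the gmp/nettle mismatch suggested above is to compare the symbols libhogweed imports with those libgmp exports, using `nm -D` dumps. The function names, the sample dumps (constructed) and the libgmp path in the final comment are assumptions; only `/lib64/libhogweed.so.2` and `__gmpn_cnd_add_n` come from the thread.

```shell
#!/bin/sh
# Added example: list symbols an importing library needs that a provider lacks.

# $1 = `nm -D` dump of the provider (e.g. libgmp), $2 = dump of the importer
# (e.g. libhogweed), $3 = symbol prefix that restricts the comparison.
missing_syms() {
  awk -v pfx="$3" '
    { name = $NF; sub(/@.*/, "", name) }      # drop @VERSION suffixes
    FILENAME == ARGV[1] {                      # provider: remember its exports
      if (NF == 3 && $2 != "U") defined[name] = 1
      next
    }
    NF == 2 && $1 == "U" && index(name, pfx) == 1 && !(name in defined) {
      print name                               # imported but never exported
    }
  ' "$1" "$2" | sort -u
}

# Live check on real libraries; returns 2 if nm cannot read either file.
check_libs() {   # $1 = provider .so, $2 = importer .so, $3 = prefix
  dir=$(mktemp -d) || return 2
  if nm -D "$1" > "$dir/prov" 2>/dev/null && nm -D "$2" > "$dir/imp" 2>/dev/null
  then missing_syms "$dir/prov" "$dir/imp" "$3"; rc=0
  else rc=2
  fi
  rm -rf "$dir"; return "$rc"
}

# Constructed nm -D dumps (not taken from the reporter's host).
demo_missing() {
  dir=$(mktemp -d) || return 2
  cat > "$dir/imp" <<'EOF'
                 U __gmpn_cnd_add_n
                 U __gmpz_init
                 U memcpy@GLIBC_2.14
0000000000004a10 T nettle_rsa_public_key_init
EOF
  cat > "$dir/prov" <<'EOF'
0000000000012f40 T __gmpz_init
0000000000013a80 T __gmpz_clear
EOF
  missing_syms "$dir/prov" "$dir/imp" __gmp
  rm -rf "$dir"
}
demo_missing
# On the affected host (libgmp path is an assumption; take it from ldd):
# check_libs /lib64/libgmp.so.10 /lib64/libhogweed.so.2 __gmp
```

Any name printed is a symbol the loader cannot resolve from that libgmp; `rpm -qf` on both files then shows which packages they actually came from.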