Re: Building Openconnect on Linux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 2019-04-25 at 09:18 -0400, Smithy Smith wrote:
> Hello Openconnect Team,
> 
> I am trying to build openconnect 8.02 on my Ubuntu 18.04 machine.
> After running the "./configure --without-gnutls
> --with-vpnc-script=/usr/share/vpnc-scripts/vpnc-script" command, I run
> "make".  Near the end I get the following error:
> 
> openssl-pkcs11.c: In function ‘slot_login’:
> openssl-pkcs11.c:253:27: error: ‘ERR_LIB_PKCS11’ undeclared (first use
> in this function); did you mean ‘ERR_LIB_PKCS12’?
>    if (ERR_GET_LIB(err) == ERR_LIB_PKCS11 &&
>                            ^~~~~~~~~~~~~~
>                            ERR_LIB_PKCS12
> openssl-pkcs11.c:253:27: note: each undeclared identifier is reported
> only once for each function it appears in
> openssl-pkcs11.c:254:28: error: ‘PKCS11_F_PKCS11_LOGIN’ undeclared
> (first use in this function); did you mean ‘CKR_F_PKCS11_LOGIN’?
>        ERR_GET_FUNC(err) == PKCS11_F_PKCS11_LOGIN)
>                             ^~~~~~~~~~~~~~~~~~~~~
>                             CKR_F_PKCS11_LOGIN
> Makefile:1222: recipe for target 'libopenconnect_la-openssl-pkcs11.lo' failed
> make[1]: *** [libopenconnect_la-openssl-pkcs11.lo] Error 1
> make[1]: Leaving directory '/tmp/openconnect-8.02'
> Makefile:697: recipe for target 'all' failed
> make: *** [all] Error 2
> 
> 
> Based on the above, I manually changed the openssl-pkcs11.c file,
> replacing "ERR_LIB_PKCS11" with "ERR_LIB_PKCS12" and replacing
> "PKCS11_F_PKCS11_LOGIN" with "CKR_F_PKCS11_LOGIN".  After changing the
> openssl-pkcs11.c file, the "make" completes and I can run openconnect.
> But when I use my smartcard with openconnect, I never get prompted for
> my pin, and I see the following errors, "Missing
> CKA_ALWAYS_AUTHENTICATE attribute", and "SSL connection failure".  I
> am not sure if my manual changes to the openssl-pkcs11.c file caused
> these problems.

Ubuntu ships a known-broken version of libp11. Please update libp11 to
a newer version. Or better still, build with GnuTLS instead of OpenSSL.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
openconnect-devel mailing list
openconnect-devel@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/openconnect-devel
[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux