Opened 10 years ago
Closed 10 years ago
#382 closed Bug / Defect (notabug)
Build failure for 2.3.3 if PCKS#11 and OpenSSL are enabled
Reported by: | jkb | Owned by: | |
---|---|---|---|
Priority: | critical | Milestone: | release 2.3.3 |
Component: | Building / Compiling | Version: | OpenVPN git master branch (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: | Steffan Karger |
Description
When trying to build OpenVPN 2.3.3 for Tunnelblick with PKCS11 and OpenSSL support, I get the following error:
libtool: link: blah, blah, blah…
Undefined symbols:
"_pkcs11h_openssl_session_getEVP", referenced from:
_pkcs11_init_tls_session in pkcs11_openssl.o
ld: symbol(s) not found
collect2: ld returned 1 exit status
I had downloaded the source from https://github.com/OpenVPN/openvpn/tree/release/2.3 on 2014-03-25.
Looking at the source, I see a reference to
pkcs11h_openssl_session_getEVP
at line 66 of pkcs11_openssl.c, but I cannot find any place it is defined.
Line 66 is conditionally compiled when:
#if defined(ENABLE_PKCS11) && defined(ENABLE_CRYPTO_OPENSSL)
The reference to pkcs11h_openssl_session_getEVP is not present in the source for OpenVPN 2.3.2.
(I filed this under "git master branch" because there is no "2.3.3" option. I do not know if the problem occurs with the source from the git master branch.)
Change History (4)
comment:1 Changed 10 years ago by
Cc: | Steffan Karger added |
---|
comment:2 Changed 10 years ago by
Ah, indeed, commit f8b590d5a6692324a from Nov 12, 2013
pkcs11: use generic evp key instead of rsa
Enables DSA, ECDSA key usages with newer pkcs11-helper.
configure should complain that pkcs11-helper needs to be 1.11 or later, but if I read this right, it will only do that if "pkg-config" is there and can be queried for versions.
comment:3 Changed 10 years ago by
Thank you! Linking with pkcs11-helper 1.11 solves the problem.
Apparently variable names prefixed with "pkcs11h_" refer to items outside of the OpenVPN source, in the pcks11-helper source -- I had not realized that.
Sorry for the trouble, and thanks again.
This ticket can be closed, or marked "invalid" or something.
comment:4 Changed 10 years ago by
Resolution: | → notabug |
---|---|
Status: | new → closed |
Thanks for testing and reporting :-) - will close!
I seem to remember that we need a more recent version of pkcs11_helper "since some change". Let me go searching...