December 8, 2014

cross compile openconnect

OpenConnect is a nice open source SSL VPN client for Cisco AnyConnect, and also for the open source SSL VPN server ocserv (hosted on the same website as openconnect). Below are some tips on how to cross compile openconnect for ARM, with GnuTLS.

OpenConnect works with both OpenSSL and GnuTLS. However, to use a hardware token (smart card, etc.), you will need GnuTLS.

Dependencies:

Openconnect depends on GnuTLS (3.3.9)
GnuTLS depends on libnettle and libhogweed (both in the nettle package, version 2.7.1)
libnettle depends on GNU GMP (libgmp, version 6.0.0)

To use a hardware token, GnuTLS also depends on p11-kit (version 0.22.1), pcsc-lite (version 1.8.11), and opensc (0.14.0), which depends on pcsc-lite.

All of these packages use autoconf, so one can run "configure" to generate the makefile(s). We use the prefix "/opt/ncs-install" (passed with --prefix) to install all packages. Below are the customized "configure" scripts for each package:

p11-kit-0.22.1:
CC=arm-none-linux-gnueabi-gcc CXX=arm-none-linux-gnueabi-g++ ./configure --host=arm-linux --prefix=/opt/ncs-install \
        --without-libffi --without-libtasn1

gmp-6.0.0:
CC=arm-none-linux-gnueabi-gcc CXX=arm-none-linux-gnueabi-g++ ./configure --host=arm-linux --prefix=/opt/ncs-install

nettle-2.7.1:
CFLAGS=-I/opt/ncs-install/include LDFLAGS=-L/opt/ncs-install/lib CC=arm-none-linux-gnueabi-gcc CXX=arm-none-linux-gnueabi-g++ ./configure --host=arm-linux --prefix=/opt/ncs-install

pcsc-lite-1.8.11:
CFLAGS="-I/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/include/" \
CC=arm-none-linux-gnueabi-gcc ./configure -host=arm-linux  --disable-libudev --enable-libusb \
        LIBUSB_CFLAGS="-I/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/include/libusb-1.0/ -L/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/lib"  \
        LIBUSB_LIBS="-lusb-1.0"

opensc-0.14.0:
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
export LTLIB_LIBS="-L/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/lib/ -lltdl"
export PCSC_CFLAGS="-I$DIR/../pcsc-lite-1.8.11/src/PCSC"
export LIBTOOL_SYSROOT_PATH=/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/
export CFLAGS="-I/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/include -L/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/lib"
export LDFLAGS="-lcrypto"
export CC=arm-none-linux-gnueabi-gcc
./configure -host=arm-linux  -v

gnutls-3.3.9:
CFLAGS=-I/opt/ncs-install/include LDFLAGS=-L/opt/ncs-install/lib \
ZLIB_CFLAGS=-I/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/include/ \
ZLIB_LIBS="-L/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/lib -lz" \
CC=arm-none-linux-gnueabi-gcc CXX=arm-none-linux-gnueabi-g++ ./configure --host=arm-linux --prefix=/opt/ncs-install \
 --with-nettle-mini --disable-crywrap \
 --with-p11-kit \
 --with-default-trust-store-file=/etc/ssl/certs/ca-certificates.crt


openconnect-7.00:
LIBPCSCLITE_CFLAGS=-I/opt/ncs-install/include/PCSC/ \
LIBPCSCLITE_LIBS="-L/opt/ncs-install/lib -lpcsclite" \
LIBXML2_CFLAGS=-I/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/include/libxml2/ \
LIBXML2_LIBS="-L/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/lib -lxml2" \
CFLAGS=-I/opt/ncs-install/include \
LDFLAGS="-L/opt/ncs-install/lib -lp11-kit -lnettle -lhogweed -lgmp" \
ZLIB_CFLAGS=-I/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/include/ \
ZLIB_LIBS="-L/opt/ezsdk/linux-devkit/arm-none-linux-gnueabi/usr/lib -lz" \
CC=arm-none-linux-gnueabi-gcc ./configure --prefix=/opt/install --disable-nls --host=arm-linux --without-openssl --with-gnutls
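
A post-build sanity check for the steps above, added here as an example (it is not part of the original post): it confirms that each shared library in the dependency chain was installed under the prefix and carries the ELF machine type for 32-bit ARM, which catches a build where the host compiler was picked up instead of arm-none-linux-gnueabi-gcc. The library file names and the script name check-prefix.sh are assumptions; libpcsclite is expected under the prefix because the openconnect step links it from /opt/ncs-install/lib, and opensc is left out because its configure line sets no prefix.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the cross-built
# libraries landed under the prefix and are ARM ELF objects, not host builds.

# Shared libraries from the dependency chain above, dependencies first
# (file names are assumptions based on the package names).
LIBS="libgmp libnettle libhogweed libp11-kit libpcsclite libgnutls"
EM_ARM=40   # ELF e_machine value for 32-bit ARM

# Print the e_machine field of an ELF file in decimal; fail if not ELF.
elf_machine() {
    f=$1
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || return 1
    # EI_DATA (offset 5): 1 = little endian, 2 = big endian
    data=$(od -An -tu1 -j5 -N1 "$f" | tr -d ' \n')
    # e_machine is the 16-bit field at offset 18
    set -- $(od -An -tu1 -j18 -N2 "$f" 2>/dev/null)
    [ "$#" -eq 2 ] || return 1
    if [ "$data" = 2 ]; then echo $(( $1 * 256 + $2 ))
    else echo $(( $2 * 256 + $1 )); fi
}

# Check every library under <prefix>/lib; return non-zero on any problem.
check_prefix() {
    prefix=$1
    rc=0
    for lib in $LIBS; do
        so=$(ls "$prefix"/lib/"$lib".so* 2>/dev/null | head -n 1)
        if [ -z "$so" ]; then
            echo "MISSING  $lib"; rc=1; continue
        fi
        m=$(elf_machine "$so") || m=not-elf
        if [ "$m" = "$EM_ARM" ]; then
            echo "OK       $so"
        else
            echo "NOT-ARM  $so (e_machine=$m)"; rc=1
        fi
    done
    return $rc
}

# Usage: sh check-prefix.sh /opt/ncs-install
if [ "$#" -gt 0 ]; then check_prefix "$1"; fi
```

Run it against the install prefix before configuring openconnect; a MISSING or NOT-ARM line points at the package whose configure step needs another look.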

