mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-19 19:42:30 +02:00
a40b2304fe
PolarSSL 1.2 is going end-of-support by 31-12-2015, so we have to move on. Newer versions of polarssl/mbedtls are already released (2.0-2.2), but as previously agreed upon, we will just move release/2.3 to polar 1.3, where master has been for a while now. This commit removes support for PolarSSL 1.2. The mimimum required version of PolarSSL is now 1.3.8. This commit is a combination of a number of commits related to upgrading or fixing polarssl 1.3 support from the master branch, adjusted to apply to the release/2.3 branch:03df3a99Upgrade to PolarSSL 1.3cc1cee74Update openvpn-plugin.h for PolarSSL 1.3.4b9eaa1eFix regression with password protected private keys (polarssl)d0f26fb5polarssl: disable 1/n-1 record splitting444a93eapolarssl: fix --client-cert-not-required9571010apolarssl: also allocate PKCS#11 certificate object on demand67a67e39polarssl: don't use deprecated functions anymore9d3b7cecpolarssl: require >= 1.3.8 This commit was tested using: * Regular private key file * Password-protected private key file * PKCS#11 * --management-external-key * CRL file (with and w/o revoked cert) * With and w/o tls-auth * RSA and ECDSA key/certs Signed-off-by: Steffan Karger <steffan@karger.me> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1450525169-12961-1-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/10856 Signed-off-by: Gert Doering <gert@greenie.muc.de>
27 lines
789 B
Plaintext
27 lines
789 B
Plaintext
This version of OpenVPN has PolarSSL support. To enable follow the following
|
|
instructions:
|
|
|
|
To Build and Install,
|
|
|
|
./configure --with-crypto-library=polarssl
|
|
make
|
|
make install
|
|
|
|
This version depends on PolarSSL 1.3 (and requires at least 1.3.8).
|
|
|
|
*************************************************************************
|
|
|
|
Due to limitations in the PolarSSL library, the following features are missing
|
|
in the PolarSSL version of OpenVPN:
|
|
|
|
* PKCS#12 file support
|
|
* --capath support - Loading certificate authorities from a directory
|
|
* Windows CryptoAPI support
|
|
* X.509 alternative username fields (must be "CN")
|
|
|
|
Plugin/Script features:
|
|
|
|
* X.509 subject line has a different format than the OpenSSL subject line
|
|
* X.509 certificate export does not work
|
|
* X.509 certificate tracking
|