cli tool builds without errors for iOS (arm).

openvpn/applecrypto/cf/cfsec.hpp

@@ -1,24 +1,28 @@
 #ifndef OPENVPN_APPLECRYPTO_CF_CFSEC_H
 #define OPENVPN_APPLECRYPTO_CF_CFSEC_H
 
+#include <openvpn/common/platform.hpp>
+
 #include <Security/SecCertificate.h>
 #include <Security/SecIdentity.h>
+
+#ifndef OPENVPN_PLATFORM_IPHONE
 #include <Security/SecKeychain.h>
 #include <Security/SecAccess.h>
+#endif
 
 #include <openvpn/common/types.hpp>
 #include <openvpn/common/exception.hpp>
 #include <openvpn/applecrypto/cf/cf.hpp>
 
 namespace openvpn {
-
   namespace CF {
-
     OPENVPN_CF_WRAP(Cert, cert_cast, SecCertificateRef, SecCertificateGetTypeID)
     OPENVPN_CF_WRAP(Identity, identity_cast, SecIdentityRef, SecIdentityGetTypeID)
+#ifndef OPENVPN_PLATFORM_IPHONE
     OPENVPN_CF_WRAP(Keychain, keychain_cast, SecKeychainRef, SecKeychainGetTypeID)
     OPENVPN_CF_WRAP(Access, access_cast, SecAccessRef, SecAccessGetTypeID)
-
+#endif
   } // namespace CF
 
 } // namespace openvpn

openvpn/applecrypto/ssl/sslctx.hpp

@@ -175,6 +175,22 @@ namespace openvpn {
 	try {
 	  OSStatus s;
 
+#ifdef OPENVPN_PLATFORM_IPHONE
+	  // init SSL object, select client or server mode
+	  if (ctx.mode().is_server())
+	    ssl = SSLCreateContext(kCFAllocatorDefault, kSSLServerSide, kSSLStreamType);
+	  else if (ctx.mode().is_client())
+	    ssl = SSLCreateContext(kCFAllocatorDefault, kSSLClientSide, kSSLStreamType);
+	  else
+	    OPENVPN_THROW(ssl_context_error, "AppleSSLContext::SSL: unknown client/server mode");
+	  if (ssl == NULL)
+	    throw CFException("SSLCreateContext failed");
+
+	  // use TLS v1
+	  s = SSLSetProtocolVersionMin(ssl, kTLSProtocol1);
+	  if (s)
+	    throw CFException("SSLSetProtocolVersionMin failed", s);
+#else
 	  // init SSL object, select client or server mode
 	  if (ctx.mode().is_server())
 	    s = SSLNewContext(true, &ssl);
@@ -195,7 +211,7 @@ namespace openvpn {
 	  s = SSLSetProtocolVersionEnabled(ssl, kTLSProtocol1, true);
 	  if (s)
 	    throw CFException("SSLSetProtocolVersionEnabled T1 failed", s);
-
+#endif
 	  // configure cert, private key, and supporting CAs via identity wrapper
 	  s = SSLSetCertificate(ssl, ctx.identity()());
 	  if (s)
@@ -259,7 +275,13 @@ namespace openvpn {
       void ssl_erase()
       {
 	if (ssl)
-	  SSLDisposeContext(ssl);
+	  {
+#ifdef OPENVPN_PLATFORM_IPHONE
+	    CFRelease(ssl);
+#else
+	    SSLDisposeContext(ssl);
+#endif
+	  }
 	ssl_clear();
       }
 

openvpn/common/platform.hpp

@@ -8,7 +8,9 @@
 # define OPENVPN_PLATFORM_TYPE_APPLE
 # if TARGET_OS_IPHONE
 #  define OPENVPN_PLATFORM_IPHONE
+#  define OPENVPN_PLATFORM_IPHONE_DEVICE
 # elif TARGET_IPHONE_SIMULATOR
+#  define OPENVPN_PLATFORM_IPHONE
 #  define OPENVPN_PLATFORM_IPHONE_SIMULATOR
 # elif TARGET_OS_MAC
 #  define OPENVPN_PLATFORM_MAC

scripts/build

@@ -61,7 +61,7 @@ if [ "$PSSL" = "1" ]; then
 fi
 
 # OpenSSL
-if [ "$PLATFORM" = "mac" ]; then
+if [ "$PLATFORM" = "mac" ] || [ "$PLATFORM" = "ios" ]; then
     # On Mac, only link with OpenSSL if OSSL is defined.
     # On other platforms, always link with OpenSSL.
     if [ "$SSL_BOTH" = "1" ]; then
@@ -132,6 +132,11 @@ if [ "$PLATFORM" = "android" ]; then
     CPPFLAGS="$CPPFLAGS -DBOOST_NO_INTRINSIC_WCHAR_T"
 fi
 
+# iOS
+if [ "$PLATFORM" = "ios" ]; then
+    FLAGS="$FLAGS -arch armv7 -miphoneos-version-min=5.0 -isysroot /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS5.0.sdk"
+fi
+
 # ovpn3
 CPPFLAGS="$CPPFLAGS -I$OVPN3_DIR"
 

vars-ios

@@ -0,0 +1,4 @@
+export BOOST_DIR=$HOME/src/ios/boost_1_49_0
+export OVPN3_DIR=$HOME/src/ovpn3
+export PLATFORM=ios
+export PATH="$OVPN3_DIR/scripts:$PATH"