Don't include -I and -L compiler options for Cityhash pointing
to $DEP_DIR, unless the directories exist.
Signed-off-by: James Yonan <james@openvpn.net>
This is ported from the OpenVPN 2 project. Since I wrote that script,
the relicensing from GPLv2 to AGPLv3 is fine.
Signed-off-by: David Sommerseth <davids@openvpn.net>
The newest Google Android NDK removes support for Android API 14 and 15
(Android 4.0) along with non v7a 32bit Android ABI. The new lowest
API is 16. OpenVPN Connect is already using minAPI=16 so this does
not have an effect on the main user of these build scripts.
Ensure that even if the Android SDK is already unpacked we install
and update all packages required. Otherwise if the sdk is we only
updated the available packages list and did not update the packages
themselves.
the scripts/android/build-all script is now in charge of
performing all the steps required to build a full android core.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
since the introduction of the unified headers, the API level
has to be specified on the command line, otherwise a development
API level (1000) will be used and will mess up older Android
releases.
On top of that, circumvent a bug in pthread.h by defining __LP32__.
This problem was causing crashes on Android 5 as it wasn't able to
provide libc functions expected by the precompiled ovpn3-core.
Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
Created a lightweight abstraction layer so that another i/o
reactor can be dropped in place of asio.
The basic approach is to rename all references to asio::xxx
types to openvpn_io::xxx and then make openvpn_io a
preprocessor variable that points to the top-level namespace
of the i/o reactor implementation.
All of the source files that currently include <asio.hpp> now
include <openvpn/io/io.hpp> instead:
This gives us a lightweight abstraction layer that allows us
to define openvpn_io to be something other than asio.
Other changes:
* Inclusion of asio by scripts/build is now optional, and is
enabled by passing ASIO=1 or ASIO_DIR=<dir>.
* Refactored openvpn/common/socktypes.hpp to no longer
require asio.
* Refactored openvpn/log/logthread.hpp to no longer require
asio.
* Added openvpn::get_hostname() method as alternative to
calling asio directly.
* openvpn/openssl/util/init.hpp will now #error
if USE_ASIO is undefined.
Signed-off-by: James Yonan <james@openvpn.net>
PROF=<platform> -- source vars/vars-<platform> before running
ASIO_DIR=<dir> -- specify ASIO tree
MTLS_SYS=1 -- use system mbedTLS
LZ4_SYS=1 -- build with system LZ4 compression library
This patch builds on work by David Sommerseth <davids@openvpn.net>
to move the PolarSSL API from polarssl-1.3 to mbedtls-2.3, which
has significant differences in some areas.
- Strings containing keys, certificates, CRLs, and DH parameters
need to be NULL-terminated and the length argument provided to
the corresponding mbedtls parse function must be able to read
the NULL-terminator. These places have been modified with a
'+1' to the length argument (x509cert.hpp, x509crl.hpp, dh.hpp,
pkctx.hpp).
- The SSL context object has been split up in mbedtls-2.3
Now many of the SSL configurations are done in a separate
SSL config object, which is added to the SSL context once
configured. In addition private/public keys are now stored
in a separate pk_context, which is later on attached to the
SSL context. Due to this, many of the calls setting either
SSL configuration parameters or working with pk_contexts have
been refactored. (sslctx.hpp)
- The older API loading the CA chain took a hostname argument.
The new API requires mbedtls_ssl_set_hostname() explicitly to
be called setting hostname. Some refactoring was needed here
too (sslctx.hpp).
- x509_oid_get_description() is now replaced by
mbedtls_oid_get_extended_key_usage().
- when mbedTLS renamed OID_CMP to MBEDTLS_OID_CMP, the return
value was changed so that a return value of 0 now means equal
rather than not-equal.
- mbedtls/platform.h must be loaded before any other mbedtls
include files (sslchoose.hpp).
- All functions and macros related to mbedTLS are now prefixed
with mbedtls_/MBEDTLS_
- Refactored External PKI and added some options to cli.cpp
to make it easier to test that the feature still works
correctly. This included removing the sig_type var and
standardizing on a PKCS#1 digest prefix per RFC 3447.
- Updated test keys to 2048 bits.
- Updated dependency build scripts to build mbedTLS.
- Enable MD4 in mbedTLS build script (needed for NTLM auth).
- Use an allow-all X509 cert profile to preserve compatibility
with older configs. Going forward, we will implement new
options to increase strictness on minimum RSA key size and
required cert signing algs.
- Added human-readable reason strings that explain why
a given cert in the chain wasn't accepted.
- This patch doesn't rename any files or rename internal
OpenVPN 3 symbols such as PolarSSLContext. This will
be done in a separate commit.
Signed-off-by: James Yonan <james@openvpn.net>
* Added EXTRA_CPP var for specifying additional .cpp files
to be built as separate compilation units.
* Don't emit -fwhole-program flag if compile-only flag
(CO) is enabled or EXTRA_CPP is defined.
* Clear out EXTRA_SRC_OBJ if compile-only flag (CO) is
enabled to avoid warnings.
* Updated SDK and NDK to Android 5:
android-sdk_r24.0.2-macosx.zip
android-ndk-r10d-darwin-x86_64.bin
* Updated build-toolchain to build both ARM
and ARM64 toolchains.
* Added ARMv8-a architecture (64-bit) to all
core builds.
* Patched "Page Size" issue in boost_1_57_0.
* Disable minicrypto for now in both Android and Apple builds.
* In deps/polarssl/build-polarssl, don't apply the minicrypto
patch unless "$USE_MINICRYPTO" = "1".
