PolarSSL was a personal choice for us, mostly due to its simplicity and multi-platform support. The patch is written in such a way that generic operations from most libraries should work, as long as a new backend is written for them.
Adriaan > -----Original Message----- > From: Farkas Levente [mailto:lfar...@lfarkas.org] > Sent: donderdag 2 december 2010 10:47 > To: Adriaan de Jong > Cc: openvpn-devel@lists.sourceforge.net > Subject: Re: [Openvpn-devel] Documentation and alternative SSL backend > patches > > On 12/02/2010 10:05 AM, Adriaan de Jong wrote: > > Hi List, > > > > We've been working on OpenVPN in preparation for a security > evaluation. This entailed documenting OpenVPN at a relatively high > level, removing the dependencies on OpenSSL, and adding support for a > simpler, easier to evaluate library (PolarSSL). > > > > This was done in a series of patches: > > - Patch 1: Adds documentation to OpenVPN through Doxygen. > > - Patch 2: Splits out OpenSSL-specific code, defining a clean > "backend" interface for both the crypto and SSL modules. Splits the SSL > module into channel setup and verification sub-modules. > > - Patch 3: Adds a backend for PolarSSL. > > > > We'd love to release these patches to the community. Unfortunately, > the patches are now based on 2.1.4, and need to be rebased to a newer > version. Before we spend time on updating the patches to the current > revision of OpenVPN, we'd like to know whether there is an interest in > these patches from the community. > > most distro switch from openssl to nss. is there any reason you switch > to polarssl in stead of nss? > > -- > Levente "Si vis pacem para bellum!"
