Hi,

A new Windows installer based on release/2.2 branch with my easy-rsa patches applied is now available here:

<http://build.openvpn.net/downloads/releases/openvpn-2.2.1-install-preview-1.exe>

Also, a standalone version of fixed easy-rsa directory is available here:

<http://build.openvpn.net/easy-rsa.zip>

It can be extracted to an existing OpenVPN 2.2* install directory - just move old easy-rsa directory out of the way first. If you can, please test that it works as expected. Basic usage on WinXP seemed to work fine:

$ init-config
$ vars
$ clean-all
$ build-ca
$ build-key-server
$ build-key client1

If possible, please test "domake-win" builds and see if/how they break. This is probably the most important fix for 2.2.1 which we hope to get out on Friday.

Use of easy-rsa is documented in the included README file and here:

<http://openvpn.net/index.php/open-source/documentation/howto.html#pki>

Samuli

> Hi all,
>
> I falsely assumed openssl.cnf was a default file from OpenSSL release
> packages, even though it was heavily modified for easy-rsa. The root
> cause of the issue seems to be that OpenSSL 1.0.0 does not like
> undefined variables in openssl.cnf. I fixed the Windows side today,
> and a preliminary patch is available here:
>
> <http://build.openvpn.net/0001-Updated-easy-rsa-for-OpenSSL-1.0.0.patch>
>
> This patch applies on top of "Fix a build-ca issue on Windows" in
> "master" and fixes Trac ticket #125. A few other things still need
> fixing:
>
> - Lack of file called "easy-rsa/2.0/openssl.cnf" will probably break
>   "domake-win" builds - or at least easy-rsa on installers generated
>   with it.
> - openssl-1.0.0.cnf has not yet been tested on *NIX
> - changes to "easy-rsa/2.0/vars" script have not been tested
>
> The added environment variables should not have negative side-effects.
> I'll test Windows installer generation tomorrow to make sure easy-rsa
> works out of the box on Windows. Help with *NIX+OpenSSL 1.0.0 and
> "domake-win" would be appreciated.
>
> Samuli

>> On 20/06/11 12:30, Jan Just Keijser wrote:
>> [...snip...]
>> >> Samuli, can you please look closer into this? I did a more careful diff
>> >> from 2.0/openssl.cnf and Windows/openssl.cnf ... and it seems quite
>> >> different. Can we please unite them?
>> >>
>> >> JJK: Do you know which differences are needed between Windows and
>> >> non-Windows?
>> >>
>> >
>> > I just checked that the openssl.cnf file shipped with the windows version
>> > of openvpn 2.1.4 is identical to the easy-rsa/2.0 version - is there any
>> > reason not to do the same for openvpn 2.2?
>>
>> Good question!
>>
>> Samuli, what do you think? Could we actually just move the 2.0/openssl.cnf
>> to a common directory where the installers will pick this config file? To
>> have the same file in more places in the source tree sounds chaotic for me,
>> especially when 2.1.4 uses the same file everywhere.
>>
>> I'd suggest ./easy-rsa as a good common base.
>>
>> I'm also wondering if we need to still carry easy-rsa/1.0 in the source
>> tree. It looks rather dead ...
>>
>> $ git log --follow --oneline ./easy-rsa/1.0/
>> 3c7f2f5 version 2.1_beta1
>>
>> Compared to this:
>>
>> $ git log --follow --oneline ./easy-rsa/2.0/
>> 6dc6019 pkitool lacks expected option "--help"
>> 2d4e768 bash->bourne script cleanup
>> 564a210 Updated copyright date to 2010.
>> 9f4725e pkitool lacks expected option "--help"
>> d7fa38f Update copyright to 2009.
>> 2534aa4 Fixed revoke-full to deal with issue arising from addition ...
>> dbec0a2 Modified pkitool to allow flexibility in separating the Com...
>> d56dec6 Change to pkitool/openssl.cnf so that calling scripts can s...
>> 367ed08 Copyright notice changed to reflect change in name of Telet...
>> 1c0cc4a Copyright change OpenVPN Solutions LLC -> Telethra, Inc.
>> eca8691 Updated copyright notice to 2008.
>> 4d90d73 Updated version & changelog.
>> d4fb6d4 Set tool defaults in pkitool.
>> eba4632 Added note about alternative version of easy-rsa that suppo...
>> 8d54351 Clean up configure on FreeBSD for recent autotool versions ...
>> acb567c A few more updates: -r 1015:1025 https://svn.openvpn.net/pr...
>> a8105c6 Merged PKCS#11 extensions to easy-rsa/2.0 (Alon Bar-Lev). ...
>> 513baee Small fixes: * Fixed variable declaration in crypto.c that ...
>> 411e89a Merged --remote-cert-ku, --remote-cert-eku, and --remote-ce...
>> 8810c26 Moved easy-rsa 2.0 scripts to easy-rsa/2.0 to be compatible...
>>
>> $ git log --follow --oneline ./easy-rsa/Windows/
>> 54c739e Revert "Add new openssl.cnf to easy-rsa/Windows"
>> 663860a Add new openssl.cnf to easy-rsa/Windows
>> 3810843 Fix a build-ca issue on Windows
>> 6b2883a Change all CRLF linefeeds to LF linefeeds
>> d0b4271 In Windows build, package a statically linked openssl.exe t...
>> 4030142 The easy-rsa directory installed by the windows installer c...
>> 6fbf66f This is the start of the BETA21 branch. It includes the --t...
>>
>>
>> kind regards,
>>
>> David Sommerseth
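
The root cause named in the quoted message, undefined variables referenced from openssl.cnf, can be checked for before the easy-rsa scripts are run. The script below is an added example, not part of the original thread or of easy-rsa; the function names and the contents of the sample config (section and variable names included) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from easy-rsa): report $ENV:: references in an OpenSSL
# config file that the current environment does not define.

# Print each distinct variable name the config references via $ENV::NAME
# or ${ENV::NAME}; text after '#' is a comment and is ignored.
cnf_env_refs() {
    sed 's/#.*$//' "$1" |
        grep -oE '\$\{?ENV::[A-Za-z_][A-Za-z0-9_]*' |
        sed -E 's/^\$\{?ENV:://' |
        LC_ALL=C sort -u
}

# Print referenced names missing from the environment; return 1 if any.
cnf_missing_env() {
    missing=0
    for name in $(cnf_env_refs "$1"); do
        if ! printenv "$name" >/dev/null 2>&1; then
            echo "$name"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample config; section and variable names are illustrative.
write_sample_cnf() {
    cat > "$1" <<'EOF'
[ req_distinguished_name ]
countryName_default            = $ENV::KEY_COUNTRY
commonName_default             = ${ENV::KEY_CN}
organizationalUnitName_default = $ENV::KEY_OU
# emailAddress_default         = $ENV::KEY_EMAIL
[ pkcs11_section ]
MODULE_PATH                    = $ENV::PKCS11_MODULE_PATH
EOF
}

# Demo: two variables exported, two left undefined.
sample=$(mktemp)
write_sample_cnf "$sample"
export KEY_COUNTRY=FI KEY_CN=client1
unset KEY_OU PKCS11_MODULE_PATH
cnf_missing_env "$sample" || echo "undefined variables listed above" >&2
rm -f "$sample"
```

Run against a real config after sourcing the vars script, a non-zero exit status means at least one referenced variable is not exported.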