Hi,

Attached a patch for the second point you make. It was a pre-existing bug where the autoconf script was not equipped to detect incorrectly compiled polarssl builds, e.g. without pkcs11 support.

I'm still working on the first (polarssl-blowfish) point, need to do some more testing first on that one.

Regards,
-Steffan

-----Original Message-----
From: Gert Doering [mailto:g...@greenie.muc.de]
Sent: Tuesday 19 March 2013 15:27
To: Steffan Karger
Cc: openvpn-devel@lists.sourceforge.net
Subject: Re: [Openvpn-devel] [PATCH 1/5] PolarSSL-1.2 support

Hi,

On Mon, Mar 18, 2013 at 05:37:28PM +0100, steffan.kar...@fox-it.com wrote:
> From: Steffan Karger <steffan.kar...@fox-it.com>
>
> Add support for PolarSSL-1.2, which has changed the API in several places.
> This is a minimal port, new features have not been enabled. Only PolarSSL
> 1.2.5 and newer are accepted, as earlier versions contain unresolved
> (security) issues.

NAK, actually, for two reasons:

- there is "something wrong" with the blowfish support - patching release/2.3 in git with these 5 patches and compiling with polar 1.2.5 creates a binary that is not interoperating with openssl-compiled openvpn (cipher blowfish-cbc on the polar side, bf-cbc on openssl) - it negotiates just fine, but data packets cannot be decrypted

  14:23 <@dazo> Tue Mar 19 14:16:08 2013 Authenticate/Decrypt packet error: cipher final failed

- when configuring with --enable-pkcs11, compilation fails

  14:17 <@dazo> ssl_polarssl.h:69:5: error: expected specifier-qualifier-list before ‘pkcs11_context’

(I'm just relaying, David did the actual testing... my buildbot box is still busy trying to compile polar 1.2.6...)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de

0001-Fixed-autoconf-script-to-properly-detect-missing-pkc.patch