Re: [Openvpn-devel] [PATCH] Support for wolfSSL with OpenVPN v2.4.8

Thu, 14 Nov 2019 03:28:04 -0800 

On 14/11/2019 11:22, Juliusz Sosinowicz wrote:
> From: David Garske <da...@wolfssl.com>
> 
> wolfSSL:
> 
> Support added in: https://github.com/wolfSSL/wolfssl/pull/2503
> 
> ```sh
> git clone https://github.com/wolfSSL/wolfssl.git
> cd wolfssl
> ./autogen.sh
> ./configure --enable-opensslall --enable-des3 --enable-crl --enable-certgen 
> --enable-certext --enable-aesctr --enable-sessioncerts 
> CFLAGS="-DWOLFSSL_DES_ECB -DHAVE_EX_DATA"
> make
> sudo make install
> ```
> 
> OpenVPN:
> 
> ```sh
> autoreconf -i -v -f
> ./configure --with-crypto-library=wolfssl
> make
> make check
> sudo make install
> ```

NAK.

This patch adds a new feature to the 2.4 branch.  We don't really want to do
that, especially if the change is intrusive (13 files changed, 108 insertions
<< that is intrusive).  WolfSSL support will at best see the light in the
coming 2.5 release (At the hackathon we aim for late 2020Q1 or 2020Q2)

In previous rounds we have asked a lot of questions; there has been no real
responses to those.  This has not even been touched in the relation to this 
patch.

One good thing I do see, is that it seems to try to use an OpenSSL support
layer in WolfSSL - which is good.  But then I wonder why we see additions like
this all over.

+#ifdef ENABLE_CRYPTO_WOLFSSL
+#include <wolfssl/options.h>
+#endif

In addition, the change in configure.ac with all the AC_DEFINE lines, tagged
with "Emulate XXXXX since these are defined as macros" is also making a lot of
mess.

And then comes the most critical point to all of this:  Who will maintain
WolfSSL support in OpenVPN once this has been applied?  What kind of
commitment will we see from the WolfSSL organization?

The OpenVPN developers community will have an IRC meeting next Thursday (Nov
21 @ 20:00 CET, #openvpn-meeting on FreeNode [1]).  I strongly recommend you
to attend this meeting to follow up your request.


[1] You need to have your nick registered to join
    <https://freenode.net/kb/answer/registration>


-- 
kind regards,

David Sommerseth
OpenVPN Inc

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to