Hi Juliusz, if wolfssl support is being introduced by means of the openssl compatibility layer, why do people need to configure OpenVPN with "./configure --with-crypto-library=wolfssl", rather than just using openssl and specifying a different path for headers/libraries?
Isn't the compat layer in wolfssl operating as a drop-in replacement for openssl? Regards, On 09/02/2020 10:18, Juliusz Sosinowicz wrote: > Hi Gert, > > thank you for your comments. My intention was not to add a second cipher > line in the sample config file. I added "cipher AES-256-CBC" to an > earlier version of OpenVPN when there was no cipher specified in the > loopback-client and loopback-server files. After rebasing my commit onto > master I didn't notice the double cipher lines in the config files. I > will remove this in my next patch as wolfSSL does support GCM mode but > not yet in the compatibility layer. > > I will add GCM support to our compatibility layer and send an updated > signed-off patch with a better commit message explaining what is > happening in the patch. > > Thanks > Juliusz > > On 08/02/2020 09:45, Gert Doering wrote: >> Hi Juliusz, >> >> please send patches out of a git tree, coming from a git commit with >> "git commit -s", and having a somewhat relevant commit message. >> >> Besides this, please do not >> >>> --- a/sample/sample-config-files/loopback-client >>> +++ b/sample/sample-config-files/loopback-client >>> @@ -25,3 +25,4 @@ tls-auth sample-keys/ta.key 1 >>> cipher AES-256-GCM >>> ping 1 >>> inactive 120 10000000 >>> +cipher AES-256-CBC >> ... modify the sample config files (and *if* you do, do not just add >> a second cipher line, which will confuse users quite a bit). >> >> If WolfSSL does not support GCM, this needs to be documented, but our >> sample config files contain the recommended cipher for the existing >> crypto systems, and this is (and will continue to be for the time) >> GCM - faster, and lower overhead. >> >> gert > > > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > -- Antonio Quartulli
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
