Hi, as Arne said, this is much better.
On Tue, Apr 14, 2020 at 08:52:14PM +0200, Juliusz Sosinowicz wrote:
> This patch adds support for wolfSSL in OpenVPN. Support is added by using
> wolfSSL's OpenSSL compatibility layer. Function calls are left unchanged and
> instead the OpenSSL includes point to wolfSSL headers and OpenVPN is linked
> against the wolfSSL library.
[..]
There is one thing, though:
> index 30eba7b2..a82c52ad 100644
> --- a/src/openvpn/cryptoapi.c
> +++ b/src/openvpn/cryptoapi.c
> @@ -39,6 +39,10 @@
>
> #ifdef ENABLE_CRYPTOAPI
>
> +#ifdef ENABLE_CRYPTO_WOLFSSL
> +#error wolfSSL does not support CryptoAPI
> +#endif
> +
I do not like this very much. It will, effectively, break win32 builds
with WolfSSL - and add yet another #ifdef to our .c files.
ENABLE_CRYPTOAPI is defined in syshead.h
#if defined(_WIN32) && defined(ENABLE_CRYPTO) && defined(ENABLE_CRYPTO_OPENSSL)
#define ENABLE_CRYPTOAPI
#endif
... could you investigate whether it would be sufficient to just
conditionalize this on WolfSSL, like this?
#if defined(_WIN32) && defined(ENABLE_CRYPTO) && \
defined(ENABLE_CRYPTO_OPENSSL) && !defined(ENABLE_CRYPTO_WOLFSSL)
#define ENABLE_CRYPTOAPI
#endif
so you can have WolfSSL-linked binaries for Windows, just without
CryptoAPI support (as with mbedtls)...
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
