Re: [Openvpn-devel] [PATCH] Support for wolfSSL in OpenVPN

Thu, 16 Apr 2020 04:13:02 -0700 

Am 16.04.20 um 12:42 schrieb Juliusz Sosinowicz:
> Hi Arne,
> 
> On 15/04/2020 11:31, Arne Schwabe wrote:
>> Am 14.04.20 um 20:52 schrieb Juliusz Sosinowicz:
>>> This patch adds support for wolfSSL in OpenVPN. Support is added by
>>> using wolfSSL's OpenSSL compatibility layer. Function calls are left
>>> unchanged and instead the OpenSSL includes point to wolfSSL headers
>>> and OpenVPN is linked against the wolfSSL library.
>>>
>>> As requested by OpenVPN maintainers, this patch does not include
>>> wolfssl/options.h on its own. By defining the macro
>>> EXTERNAL_OPTS_OPENVPN in the configure script wolfSSL will include
>>> wolfssl/options.h on its own (change added in
>>> https://github.com/wolfSSL/wolfssl/pull/2825). The patch adds an
>>> option '--disable-wolfssl-options-h' in case the user would like to
>>> supply their own settings file for wolfSSL.
>>>
>> Thanks the patch is lot less intrusive then the last version. We will
>> have to discuss in our meeting under what condition we want to include
>> the patch. We might add a note or statement that the WolfSSL support in
>> OpenVPN is mainly developed and tested by WolfSSL itself or something
>> along these lines.
> This is understandable since we will be maintaining wolfSSL within OpenVPN.


Could you take a look if this is an acceptable text for a README.wolfssl?

Support for WolfSSL is implemented and maintained by WolfSSL Inc. The
support is implemented using WolfSSL's compatiblity layer. The WolfSSL
support in OpenVPN receives very limited testing/support from the
OpenVPN community itself.

If bugs in OpenVPN when using WolfSSL are encountered, the user should
try to also compile OpenVPN with OpenSSL to determinate if these are
bugs in the WolfSSL TLS implemenation or OpenVPN itself.

To Build and Install,

        ./configure --with-crypto-library=wolfssl
        make
        make install

*************************************************************************
Due to limitations in the wolfSSL TLS library or its compability layer, the
following features are missing

 * blowfish support (BF-CBC), you must use something like
   cipher AES-128-CBC to avoid trying to use BF-CBC
 * Windows CryptoAPI support

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to