The Readme looks good. Just one suggestion.
On 16/04/2020 13:11, Arne Schwabe wrote:
Am 16.04.20 um 12:42 schrieb Juliusz Sosinowicz:
Hi Arne,
On 15/04/2020 11:31, Arne Schwabe wrote:
Am 14.04.20 um 20:52 schrieb Juliusz Sosinowicz:
This patch adds support for wolfSSL in OpenVPN. Support is added by
using wolfSSL's OpenSSL compatibility layer. Function calls are left
unchanged and instead the OpenSSL includes point to wolfSSL headers
and OpenVPN is linked against the wolfSSL library.
As requested by OpenVPN maintainers, this patch does not include
wolfssl/options.h on its own. By defining the macro
EXTERNAL_OPTS_OPENVPN in the configure script wolfSSL will include
wolfssl/options.h on its own (change added in
https://github.com/wolfSSL/wolfssl/pull/2825). The patch adds an
option '--disable-wolfssl-options-h' in case the user would like to
supply their own settings file for wolfSSL.
Thanks the patch is lot less intrusive then the last version. We will
have to discuss in our meeting under what condition we want to include
the patch. We might add a note or statement that the WolfSSL support in
OpenVPN is mainly developed and tested by WolfSSL itself or something
along these lines.
This is understandable since we will be maintaining wolfSSL within OpenVPN.
Could you take a look if this is an acceptable text for a README.wolfssl?
Support for WolfSSL is implemented and maintained by WolfSSL Inc. The
support is implemented using WolfSSL's compatiblity layer. The WolfSSL
support in OpenVPN receives very limited testing/support from the
OpenVPN community itself.
If bugs in OpenVPN when using WolfSSL are encountered, the user should
try to also compile OpenVPN with OpenSSL to determinate if these are
bugs in the WolfSSL TLS implemenation or OpenVPN itself.
To Build and Install,
./configure --with-crypto-library=wolfssl
make
make install
I would add here:
The wolfSSL library will include the installed options.h file by
default. To include a custom user_settings.h file for wolfSSL,
./configure --with-crypto-library=wolfssl --disable-wolfssl-options-h
make
make install
*************************************************************************
Due to limitations in the wolfSSL TLS library or its compability layer, the
following features are missing
* blowfish support (BF-CBC), you must use something like
cipher AES-128-CBC to avoid trying to use BF-CBC
* Windows CryptoAPI support
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
