Changes between Version 4 and Version 5 of UsingPolarSSL


Ignore:
Timestamp:
07/21/14 11:18:03 (10 years ago)
Author:
Steffan Karger
Comment:

Make page up-to-date, remove duplicate information (and refer to README.polarssl instead).

Legend:

Unmodified
Added
Removed
Modified

  • UsingPolarSSL

    v4 v5  
    11= Introduction =
    22
    3 PolarSSL support is fully integrated with mainline OpenVPN since 2.3. Status of the integration is viewable from [wiki:PolarSSLintegration this page].
     3Since version 2.3, OpenVPN can be built using PolarSSL as it's crypto backend, instead of OpenSSL. See [https://polarssl.org/] for more information on PolarSSL.
    44
    55= Limitations compared to OpenSSL =
    66
    7 Author of the patchset [http://sourceforge.net/mailarchive/message.php?msg_id=27751181 said] the following:
     7Note that the PolarSSL variant of OpenVPN does not support the same featureset as the OpenSSL variant. The most prominent differences are listed in the latest [https://github.com/OpenVPN/openvpn/blob/master/README.polarssl README.polarssl].
    88
     9= Building the PolarSSL-enabled OpenVPN =
     10
     11OpenVPN 2.3 has full PolarSSL support. Get the sources from [http://openvpn.net/index.php/open-source/downloads.html the download page], or get the most recent (potentially unstable) code [https://github.com/OpenVPN/openvpn from github].
     12
     13To build using polarssl:
    914{{{
    10 Note that due to limitations in PolarSSL, it is still missing a number of features:
    11 
    12  * PKCS#12 file support
    13  * --capath support - Loading certificate authorities from a directory
    14  * Windows CryptoAPI support
    15  * Management external key support
    16  * X.509 alternative username fields (must be "CN")
    17 
    18 Plugin/Script features:
    19 
    20  * X.509 Serial number is in hex, not decimal as with OpenSSL
    21  * X.509 subject line has a different format than the OpenSSL subject line
    22  * X.509 certificate export does not work
    23  * X.509 certificate tracking
     15./configure --with-crypto-library=polarssl
     16make
     17make install
    2418}}}
    2519
    26 Latest [https://github.com/andj/openvpn-ssl-refactoring/blob/f543aafc52d8885c36ced7bf0eb74919dc6bb75f/README.polarssl README.polarssl] may contain more recent information.
    27 
    28 = Getting the PolarSSL-enabled OpenVPN =
    29 
    30 OpenVPN 2.3 has full PolarSSL support.
    31 
    32 {{{
    33 ./configure --with-ssl-type=polarssl
    34         make
    35         make install
    36 }}}
    37