Opened 7 years ago

Closed 6 years ago

#343 closed Bug / Defect (fixed)

cannot make openvpn 2.3.2 with polarssl 1.3.1

Reported by: klook Owned by: Steffan Karger
Priority: major Milestone: release 2.4
Component: Building / Compiling Version: OpenVPN 2.3.2 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


i was trying to compile openvpn 2.3.2 with polarssl 1.3.1 library and make fails in this way:

gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../src/compat -g -O2 -MT crypto_polarssl.o -MD -MP -MF .deps/crypto_polarssl.Tpo -c -o crypto_polarssl.o crypto_polarssl.c
crypto_polarssl.c: In function ‘cipher_ctx_reset’:
crypto_polarssl.c:469:3: error: too many arguments to function ‘cipher_reset’
return 0 == cipher_reset(ctx, iv_buf);

In file included from crypto_polarssl.h:33:0,
from crypto_backend.h:37,
from crypto_polarssl.c:44:
/usr/local/include/polarssl/cipher.h:510:5: note: declared here
int cipher_reset( cipher_context_t *ctx );

make[3]: * [crypto_polarssl.o] Erreur 1

It seems that cipher_reset() method has been modified in polarssl 1.3 (2nd argument iv_buf has been removed).

Does someone already encountered this issue?
Is there a known temporary fix?


Change History (5)

comment:1 Changed 7 years ago by JoshC

After some discussion with the upstream policy on point-releases, the PolarSSL is not stable between various point-release versions. This means you must use a 1.2 release, and 1.2.10 is the only proper choice at present (<1.2.9 has a CVE out, and 1.2.10 fixes a memory leak in 1.2.9.)

If you have other applications that need a 1.3 API version, you'll need to install both SO versions side-by-side. If it's just OpenVPN you're building, keep PolarSSL at 1.2 for now.

We'll be updating autoconf shortly to explicitly fail the configure script when the required PolarSSL version is unavailable.

comment:2 Changed 7 years ago by Gert Döring

Syzzer mentioned that he has a prototype for OpenVPN with PolarSSL 1.3 and EC support... so "something will be coming".

But for now, stay at 1.2.10

comment:3 Changed 7 years ago by Samuli Seppänen

Owner: set to Steffan Karger
Status: newassigned

comment:4 Changed 7 years ago by Gert Döring

Milestone: release 2.4

comment:5 Changed 6 years ago by Steffan Karger

Resolution: fixed
Status: assignedclosed

PolarSSL 1.3 support has been merged into the master branch (OpenVPN 2.4+), see

Note: See TracTickets for help on using tickets.