Opened 11 years ago
Closed 11 years ago
#343 closed Bug / Defect (fixed)
cannot make openvpn 2.3.2 with polarssl 1.3.1
Reported by: | klook | Owned by: | Steffan Karger |
---|---|---|---|
Priority: | major | Milestone: | release 2.4 |
Component: | Building / Compiling | Version: | OpenVPN 2.3.2 (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: |
Description
Hi,
i was trying to compile openvpn 2.3.2 with polarssl 1.3.1 library and make fails in this way:
gcc -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../src/compat -g -O2 -MT crypto_polarssl.o -MD -MP -MF .deps/crypto_polarssl.Tpo -c -o crypto_polarssl.o crypto_polarssl.c
crypto_polarssl.c: In function ‘cipher_ctx_reset’:
crypto_polarssl.c:469:3: error: too many arguments to function ‘cipher_reset’
return 0 == cipher_reset(ctx, iv_buf);
In file included from crypto_polarssl.h:33:0,
from crypto_backend.h:37,
from crypto_polarssl.c:44:
/usr/local/include/polarssl/cipher.h:510:5: note: declared here
int cipher_reset( cipher_context_t *ctx );
make[3]: * [crypto_polarssl.o] Erreur 1
It seems that cipher_reset() method has been modified in polarssl 1.3 (2nd argument iv_buf has been removed).
Does someone already encountered this issue?
Is there a known temporary fix?
Regards
klook
Change History (5)
comment:1 Changed 11 years ago by
comment:2 Changed 11 years ago by
Syzzer mentioned that he has a prototype for OpenVPN with PolarSSL 1.3 and EC support... so "something will be coming".
But for now, stay at 1.2.10
comment:3 Changed 11 years ago by
Owner: | set to Steffan Karger |
---|---|
Status: | new → assigned |
comment:4 Changed 11 years ago by
Milestone: | → release 2.4 |
---|
comment:5 Changed 11 years ago by
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
PolarSSL 1.3 support has been merged into the master branch (OpenVPN 2.4+), see https://github.com/OpenVPN/openvpn/commit/03df3a990f71b3d02653eba364ac89f8400611c3.
After some discussion with the upstream policy on point-releases, the PolarSSL is not stable between various point-release versions. This means you must use a 1.2 release, and 1.2.10 is the only proper choice at present (<1.2.9 has a CVE out, and 1.2.10 fixes a memory leak in 1.2.9.)
If you have other applications that need a 1.3 API version, you'll need to install both SO versions side-by-side. If it's just OpenVPN you're building, keep PolarSSL at 1.2 for now.
We'll be updating autoconf shortly to explicitly fail the configure script when the required PolarSSL version is unavailable.