Opened 6 years ago

Last modified 5 weeks ago

#794 new Feature Wish

Process for builing OpenVPN with OpenSSL

Reported by: noloader Owned by:
Priority: minor Milestone: release 2.7
Component: Generic / unclassified Version: OpenVPN 2.2.2 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc: Steffan Karger


This comes up from time to time on Stack Overflow. Folks try to build OpenVPN with OpenSSL but OpenSSL fails to configure properly. Sometimes OpnSSL is provided by the distro in a non-standard location, other times is OpenSSL is installed in a unique location by the user.

OpenVPN's configure dos not appear to honor usual suspects, like --with-ssl=<som dir>. And running configure's help does not provide information on the subject matter.

I've been able to build OpenVPN with custom CFLAGS and CXXFLAGS. But most Autoconf users don't know how to do it; and the process is not exactly documented well. (My apologies if I missed the documentation).

At this point, I've only described the issue. I don't know the best way to solve it. I think a combination of (1) a configure switch to control the SSL/TLS library would be helpful; and (2) documentation on the matter.

I patrol OpenSSL questions on Stack Overflow. Here are three quick results that have to do with building OpenVPN with OpenSSL:

Change History (5)

comment:1 Changed 6 years ago by noloader

My bad... This:

Folks try to build OpenVPN with OpenSSL but OpenSSL fails to configure properly

Should say:

Folks try to build OpenVPN with OpenSSL but OpnVPN fails to configure properly

comment:2 Changed 6 years ago by Gert Döring

Cc: Steffan Karger added

INSTALL documents the following options to configure

              C compiler flags for OpenSSL, overriding pkg-config
              linker flags for OpenSSL, overriding pkg-config

but I do agree that --with-ssl=<dir> or something along that lines would be more in-line with what everyone else does.

We're not going to change that for 2.4 (only bugfixes, and that's not technically a bug but a "questionable design") but we'll revisit right after.

comment:3 Changed 6 years ago by Steffan Karger

"In line with what everyone else does" is of course worth something, and I have no clue why we do things differently, but I actually like the current approach. It allows me to just point the *_CFLAGS and *_LIBS to the places where I am building the libraries, without having to run 'make install' after each change.

(That's not a NAK to changing this, just wanted to let you know there's good sides to it too.)

comment:4 Changed 6 years ago by Gert Döring

@syzzer: well, developers are a somewhat funny breed, with having half-baked library source trees lying around all across the file system... :-) - but I think we could just have both. Keep the env variables as they are today, and a command line to set them in one go for the "easy" case.

(Same thing for --with-lzo=dir of course)

comment:5 Changed 5 weeks ago by Gert Döring

Milestone: release 2.7

I'd still like --with-$thing=$dir for lzo, openssl, ... but I'm not going to code it. So just bumping the milestone.

Note: See TracTickets for help on using tickets.