259 | | Required software: Recent Windows DDK, [http://nsis.sourceforge.net NSIS]. |
260 | | |
261 | | First clone the ''tap-windows'' repository, e.g. using ''Git Bash'': |
262 | | |
263 | | {{{ |
264 | | $ git clone https://github.com/OpenVPN/tap-windows |
265 | | }}} |
266 | | |
267 | | Next you need to set some environment variables. For self-signed test certificates use something like this: |
268 | | |
269 | | {{{ |
270 | | set CODESIGN_PKCS12=c:\Users\John\tap-windows\my-self-signed-certificate.p12 |
271 | | set CODESIGN_PASS=mypassphrase |
272 | | set CODESIGN_ISTEST=yes |
273 | | }}} |
274 | | |
275 | | For paid-for software publisher certificates (SPC) you'd use something like this: |
276 | | |
277 | | {{{ |
278 | | set CODESIGN_PKCS12="c:\Users\John\tap-windows\my-software-publisher-certificate.p12" |
279 | | set CODESIGN_PASS=mypassphrase |
280 | | set CODESIGN_ISTEST=no |
281 | | set CODESIGN_CROSS="C:\Users\John\tap-windows\ca-cross-certificate.crt" |
282 | | set CODESIGN_TIMESTAMP="http://timestamp.domain.com" |
283 | | }}} |
284 | | |
285 | | If you imported the kernel-mode code-signing certicate using Internet Explorer, you can use ''certmgr.exe'' to export it in PFX (=PKCS12) format. Just make sure to include the private key in the file and to give it a sufficiently strong password, which you then define using ''CODESIGN_PASS'' variable. The CA cross certificate can be obtained from your CA and most likely needs no modifications. The URL for the timestamping service is CA-specific, but trivial to locate. |
286 | | |
287 | | Next you configure the tap-windows build to use these using a Visual Studio command prompt: |
288 | | |
289 | | {{{ |
290 | | > configure |
291 | | }}} |
292 | | |
293 | | This copies the variables to ''tap-windows\config-env.bat'', which is included during build. All that's left is to build the tap-windows drivers: |
294 | | |
295 | | {{{ |
296 | | > build |
297 | | }}} |
298 | | |
299 | | Further customization for MSVC can be done using ''config-local.m4'' file which overrides variables or with environment variables which override auto detection code. This can be used, for example, to specify a custom DDK location. For details, see |
300 | | |
301 | | {{{ |
302 | | > configure --help |
303 | | }}} |
| 259 | Content moved [wiki:BuildingTapWindows here]. |
| 260 | |