| 1 | = Introduction = |
| 2 | |
| 3 | PolarSSL support is not yet (11th Aug 2011) fully integrated with mainline OpenVPN. Status of the integration is viewable from [wiki:PolarSSLintegration this page]. First OpenVPN 2.3 alpha will be the first official release to include full PolarSSL support. |
| 4 | |
| 5 | = Limitations compared to OpenSSL = |
| 6 | |
| 7 | Author of the patchset [http://sourceforge.net/mailarchive/message.php?msg_id=27751181 said] the following: |
| 8 | |
| 9 | {{{ |
| 10 | Note that due to limitations in PolarSSL, it is still missing a number of features: |
| 11 | |
| 12 | * PKCS#12 file support |
| 13 | * --capath support - Loading certificate authorities from a directory |
| 14 | * Windows CryptoAPI support |
| 15 | * Management external key support |
| 16 | * X.509 alternative username fields (must be "CN") |
| 17 | |
| 18 | Plugin/Script features: |
| 19 | |
| 20 | * X.509 Serial number is in hex, not decimal as with OpenSSL |
| 21 | * X.509 subject line has a different format than the OpenSSL subject line |
| 22 | * X.509 certificate export does not work |
| 23 | * X.509 certificate tracking |
| 24 | }}} |
| 25 | |
| 26 | = Getting the PolarSSL-enabled OpenVPN = |
| 27 | |
| 28 | [https://github.com/andj/openvpn-ssl-refactoring This external Git tree] has full PolarSSL support. Please use that while the patches [wiki:PolarSSLintegration are being in integrated] into mainline OpenVPN. |