| | 1 | = Introduction = |
| | 2 | |
| | 3 | PolarSSL support is not yet (11th Aug 2011) fully integrated with mainline OpenVPN. Status of the integration is viewable from [wiki:PolarSSLintegration this page]. First OpenVPN 2.3 alpha will be the first official release to include full PolarSSL support. |
| | 4 | |
| | 5 | = Limitations compared to OpenSSL = |
| | 6 | |
| | 7 | Author of the patchset [http://sourceforge.net/mailarchive/message.php?msg_id=27751181 said] the following: |
| | 8 | |
| | 9 | {{{ |
| | 10 | Note that due to limitations in PolarSSL, it is still missing a number of features: |
| | 11 | |
| | 12 | * PKCS#12 file support |
| | 13 | * --capath support - Loading certificate authorities from a directory |
| | 14 | * Windows CryptoAPI support |
| | 15 | * Management external key support |
| | 16 | * X.509 alternative username fields (must be "CN") |
| | 17 | |
| | 18 | Plugin/Script features: |
| | 19 | |
| | 20 | * X.509 Serial number is in hex, not decimal as with OpenSSL |
| | 21 | * X.509 subject line has a different format than the OpenSSL subject line |
| | 22 | * X.509 certificate export does not work |
| | 23 | * X.509 certificate tracking |
| | 24 | }}} |
| | 25 | |
| | 26 | = Getting the PolarSSL-enabled OpenVPN = |
| | 27 | |
| | 28 | [https://github.com/andj/openvpn-ssl-refactoring This external Git tree] has full PolarSSL support. Please use that while the patches [wiki:PolarSSLintegration are being in integrated] into mainline OpenVPN. |
