wiki:UsingPolarSSL

Version 2 (modified by Samuli Seppänen, 9 years ago) (diff)

--

Introduction

PolarSSL support is not yet (11th Aug 2011) fully integrated with mainline OpenVPN. Status of the integration is viewable from this page. First OpenVPN 2.3 alpha will be the first official release to include full PolarSSL support.

Limitations compared to OpenSSL

Author of the patchset said the following:

Note that due to limitations in PolarSSL, it is still missing a number of features:

 * PKCS#12 file support
 * --capath support - Loading certificate authorities from a directory
 * Windows CryptoAPI support
 * Management external key support
 * X.509 alternative username fields (must be "CN")

Plugin/Script features:

 * X.509 Serial number is in hex, not decimal as with OpenSSL
 * X.509 subject line has a different format than the OpenSSL subject line
 * X.509 certificate export does not work
 * X.509 certificate tracking

Latest README.polarssl may contain more recent information.

Getting the PolarSSL-enabled OpenVPN

This external Git tree has full PolarSSL support. Please use that while the patches are being in integrated into mainline OpenVPN.