- the OpenSSL build script for all platforms, was only
used on macOS and better alternatives like homebrew exist there
- mac build scripts in general, cmake/homebrew is a better alternative
- vars for Android, Android uses CMake based build, see ics-openvpn for an example
- lzo build scripts. Core can do lzo decompress without it and if used, system lzo can
be used
Signed-off-by: Arne Schwabe <arne@openvpn.net>
Most of these haven't been used in years and are
probably useless now. If required they can always
be recovered from the git history.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
The code that requires xxHash requires a fairly new xxHash version, so
add a local copy of 0.8.0 to build with this header only library.
Signed-off-by: Arne Schwabe <arne@openvpn.net>
This patch builds on work by David Sommerseth <davids@openvpn.net>
to move the PolarSSL API from polarssl-1.3 to mbedtls-2.3, which
has significant differences in some areas.
- Strings containing keys, certificates, CRLs, and DH parameters
need to be NULL-terminated and the length argument provided to
the corresponding mbedtls parse function must be able to read
the NULL-terminator. These places have been modified with a
'+1' to the length argument (x509cert.hpp, x509crl.hpp, dh.hpp,
pkctx.hpp).
- The SSL context object has been split up in mbedtls-2.3.
Now many of the SSL configurations are done in a separate
SSL config object, which is added to the SSL context once
configured. In addition private/public keys are now stored
in a separate pk_context, which is later on attached to the
SSL context. Due to this, many of the calls setting either
SSL configuration parameters or working with pk_contexts have
been refactored. (sslctx.hpp)
- The older API loading the CA chain took a hostname argument.
The new API requires mbedtls_ssl_set_hostname() explicitly to
be called setting hostname. Some refactoring was needed here
too (sslctx.hpp).
- x509_oid_get_description() is now replaced by
mbedtls_oid_get_extended_key_usage().
- when mbedTLS renamed OID_CMP to MBEDTLS_OID_CMP, the return
value was changed so that a return value of 0 now means equal
rather than not-equal.
- mbedtls/platform.h must be loaded before any other mbedtls
include files (sslchoose.hpp).
- All functions and macros related to mbedTLS are now prefixed
with mbedtls_/MBEDTLS_
- Refactored External PKI and added some options to cli.cpp
to make it easier to test that the feature still works
correctly. This included removing the sig_type var and
standardizing on a PKCS#1 digest prefix per RFC 3447.
- Updated test keys to 2048 bits.
- Updated dependency build scripts to build mbedTLS.
- Enable MD4 in mbedTLS build script (needed for NTLM auth).
- Use an allow-all X509 cert profile to preserve compatibility
with older configs. Going forward, we will implement new
options to increase strictness on minimum RSA key size and
required cert signing algs.
- Added human-readable reason strings that explain why
a given cert in the chain wasn't accepted.
- This patch doesn't rename any files or rename internal
OpenVPN 3 symbols such as PolarSSLContext. This will
be done in a separate commit.
Signed-off-by: James Yonan <james@openvpn.net>
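The OID_CMP bullet in the commit message above, shown as an added example (not code from the OpenVPN 3 or mbedTLS trees): a rename-only port of an extended-key-usage check silently inverts it. The macros, function names and sample buffers are hypothetical stand-ins that model only the two return-value conventions the message describes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an ASN.1 buffer holding DER-encoded OID content. */
typedef struct { const unsigned char *p; size_t len; } oid_buf;

#define OID_LEN(s) (sizeof(s) - 1)

/* Hypothetical macros modelling the two conventions from the commit message:
   old style is nonzero when equal, new style is 0 when equal (memcmp-like). */
#define OLD_STYLE_OID_CMP(s, b) \
    (OID_LEN(s) == (b)->len && memcmp((s), (b)->p, (b)->len) == 0)
#define NEW_STYLE_OID_CMP(s, b) \
    (OID_LEN(s) != (b)->len || memcmp((s), (b)->p, (b)->len) != 0)

/* id-kp-serverAuth (1.3.6.1.5.5.7.3.1), DER content bytes. */
#define OID_SERVER_AUTH "\x2b\x06\x01\x05\x05\x07\x03\x01"

/* Constructed sample EKU values: serverAuth and clientAuth (…3.2). */
static const unsigned char SRV[] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01};
static const unsigned char CLI[] = {0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02};
static const oid_buf SAMPLE_SERVER_EKU = { SRV, sizeof(SRV) };
static const oid_buf SAMPLE_CLIENT_EKU = { CLI, sizeof(CLI) };

/* Pre-migration check: correct under the old convention. */
int is_server_auth_old(const oid_buf *eku) {
    return OLD_STYLE_OID_CMP(OID_SERVER_AUTH, eku) ? 1 : 0;
}

/* Rename-only port: the truth test is inverted, so a clientAuth
   certificate passes and a serverAuth certificate is rejected. */
int is_server_auth_renamed_only(const oid_buf *eku) {
    return NEW_STYLE_OID_CMP(OID_SERVER_AUTH, eku) ? 1 : 0;
}

/* Correct port: under the new convention 0 means equal. */
int is_server_auth_ported(const oid_buf *eku) {
    return NEW_STYLE_OID_CMP(OID_SERVER_AUTH, eku) == 0;
}

int main(void) {
    printf("clientAuth cert, rename-only check: %d\n",
           is_server_auth_renamed_only(&SAMPLE_CLIENT_EKU));
    printf("clientAuth cert, ported check:      %d\n",
           is_server_auth_ported(&SAMPLE_CLIENT_EKU));
    return 0;
}
```

When reviewing a port like this, search for every use of the renamed comparison macro in a boolean context and confirm each one compares against 0 explicitly.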
minor edits:
* Don't build OpenSSL.
* Edited ovpncli/README.txt with updated build command.
* Enabled C++11 in compiler flags, and turned off
some spurious warnings.
* Added CXX_COMPILER_FLAGS build flag to allow
C++-only flags to be defined.
Changes to build script as well:
* Honor OTHER_COMPILER_FLAGS and CXX_COMPILER_FLAGS
settings.
* For debug builds, DEBUG_BUILD=1 setting should be placed
in vars-x. Existing build DEBUG=1 setting now only
sets -g.
* For clang builds, don't emit -fvisibility=hidden because
that should be placed in OTHER_COMPILER_FLAGS in vars-x.
These scripts
scripts/mac/build-minicrypto
scripts/mac/build-polarssl
will now build PolarSSL (on OSX) with libminicrypto linkage.
Currently, only SHA1/256/512 implementations from OpenSSL are
built in libminicrypto. We leave the current PolarSSL AES
implementation as-is since it now implements AES-NI.
Also added portable openssl/build-openssl script.
* Added new cross-platform boost/build-boost script.
* Added new LINK_MODE var (static|shared) that is
used by Boost, PolarSSL, and OpenSSL (Linux) builds.
* More DEP_DIR flexibility:
(a) DEP_DIR can be defined prior to call of build-all scripts.
(b) On Linux, vars-linux script will not override DEP_DIR.
organization.
Added scripts under scripts/linux for building dependent
libraries.
Added test/ovpncli/cli.cpp to provide a command line client that
exercises ovpncli.hpp API and can be built via build script.
build process, one for core and one for java wrapper.
This is so that different optimization flags can be applied
to each step. In particular, the wrapper needs
-fno-strict-aliasing, but the core does not.