author | Adriaan de Jong <dejong@fox-it.com> | 2011-07-05 13:09:13 +0200 |
---|---|---|
committer | David Sommerseth <davids@redhat.com> | 2011-10-22 16:00:49 +0200 |
commit | 7dd8bbf574672b60d4776bee0ef9908cf1f49c2f (patch) | |
tree | 3f8dbf8d216011e7ad489a2e07333edc7dc273da | |
parent | 88203950ef5ce2f23325ceff5ad247033dfa0005 (diff) | |
Disabled X.509 track and username selection for PolarSSL
Signed-off-by: Adriaan de Jong <dejong@fox-it.com>
Acked-by: James Yonan <james@openvpn.net>
Signed-off-by: David Sommerseth <davids@redhat.com>
-rw-r--r-- | README.polarssl | 19 | ||||
-rw-r--r-- | configure.ac | 4 | ||||
-rw-r--r-- | openvpn.8 | 1 | ||||
-rw-r--r-- | options.c | 2 | ||||
-rw-r--r-- | syshead.h | 2 |
5 files changed, 20 insertions, 8 deletions
diff --git a/README.polarssl b/README.polarssl index bd066e4..77a9575 100644 --- a/README.polarssl +++ b/README.polarssl @@ -7,17 +7,22 @@ To Build and Install, make make install +This version depends on at least PolarSSL v0.99. + ************************************************************************* -The following features are missing in the PolarSSL version of OpenVPN: +Due to limitations in the PolarSSL library, the following features are missing +in the PolarSSL version of OpenVPN: - * ca_path support - Loading certificate authorities from a directory * PKCS#12 file support + * --capath support - Loading certificate authorities from a directory * Windows CryptoAPI support * Management external key support - * X509 alternative username fields (must be "CN") + * X.509 alternative username fields (must be "CN") + +Plugin/Script features: - TODO: - * serial is in Hex - * X509 certificate export - * X.509 tracking + * X.509 Serial number is in hex, not decimal as with OpenSSL + * X.509 subject line has a different format than the OpenSSL subject line + * X.509 certificate export does not work + * X.509 certificate tracking diff --git a/configure.ac b/configure.ac index bbdd713..a6b3019 100644 --- a/configure.ac +++ b/configure.ac @@ -840,6 +840,10 @@ fi dnl enable --x509-username-field feature if requested if test "$X509ALTUSERNAME" = "yes"; then + if test "$SSL_LIB" = "polarssl" ; then + AC_MSG_ERROR([PolarSSL does not support the --x509-username-field feature]) + fi + AC_DEFINE(ENABLE_X509ALTUSERNAME, 1, [Enable --x509-username-field feature]) fi @@ -4543,6 +4543,7 @@ to save values from full cert chain. Values will be encoded as X509_<depth>_<attribute>=<value>. Multiple .B \-\-x509-track options can be defined to track multiple attributes. +Not available with PolarSSL. .\"********************************************************* .TP .B \-\-ns-cert-type client|server 
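Review bot: The new `test "$SSL_LIB" = "polarssl"` guard in configure.ac only fires if `SSL_LIB` has already been assigned by the time this block runs, and that assignment is outside the hunk. If the SSL library selection is parsed later in the script, the comparison sees an empty value and a PolarSSL build with `--x509-username-field` enabled would configure without error. It is worth confirming the ordering and recording it next to the check, for example `dnl must come after SSL_LIB is set from the SSL library selection`.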
@@ -604,8 +604,10 @@ static const char usage_message[] =
 " of verification.\n"
 "--ns-cert-type t: Require that peer certificate was signed with an explicit\n"
 " nsCertType designation t = 'client' | 'server'.\n"
+#ifdef ENABLE_X509_TRACK
 "--x509-track x : Save peer X509 attribute x in environment for use by\n"
 " plugins and management interface.\n"
+#endif
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L || USE_POLARSSL
 "--remote-cert-ku v ... : Require that the peer certificate was signed with\n"
 " explicit key usage, you can specify more than one value.\n"
@@ -627,7 +627,7 @@ socket_defined (const socket_descriptor_t sd)
 /*
 * Enable x509-track feature?
 */
-#if defined(USE_CRYPTO) && defined(USE_SSL) && defined USE_OPENSSL
+#if defined(USE_CRYPTO) && defined(USE_SSL) && defined (USE_OPENSSL)
 #define ENABLE_X509_TRACK
 #endif |
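Review bot: The new `#ifdef ENABLE_X509_TRACK` in `usage_message` hides the `--x509-track` help text, but whether the option parser also rejects `--x509-track` in a build without that macro is not visible in this hunk. If the parser accepted the option silently, plugins and scripts that base access decisions on the `X509_<depth>_<attribute>` environment values would run with those values absent. The option should fail with an explicit error in PolarSSL builds rather than be ignored. The string-literal concatenation of `usage_message` continues outside the hunk on both sides.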