[Openvpn-devel] Add README.wolfssl documentating the state of WolfSSL in OpenVPN

Message ID 20200417074345.5694-1-arne@rfc2549.org
State Accepted
Delegated to: Gert Doering
Headers show
Series
  • [Openvpn-devel] Add README.wolfssl documentating the state of WolfSSL in OpenVPN
Related show

Commit Message

Arne Schwabe April 17, 2020, 7:43 a.m.
---
 README.wolfssl | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 README.wolfssl

Comments

Gert Doering March 18, 2021, 1:22 p.m. | #1
Acked-by: Gert Doering <gert@greenie.muc.de>

Your patch has been applied to the master branch.

(This is a fairly old patch which has been sitting in my queue, waiting
for the WolfSSL patch to be merged)

commit f38819b7e42ea99f6ae218be6e6345c397c1af4c
Author: Arne Schwabe
Date:   Fri Apr 17 09:43:45 2020 +0200

     Add README.wolfssl documentating the state of WolfSSL in OpenVPN

     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20200417074345.5694-1-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19758.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
Juliusz Sosinowicz March 19, 2021, 12:36 p.m. | #2
Could we get something like
"For issues with using OpenVPN with wolfSSL, please contact 
support@wolfssl.com."
in the README.wolfssl? This would help streamline comms for users and 
improve user experience. I can prepare a patch with this change. Thanks.

Sincerely
Juliusz

On 18/03/2021 14:22, Gert Doering wrote:
> Acked-by: Gert Doering <gert@greenie.muc.de>
>
> Your patch has been applied to the master branch.
>
> (This is a fairly old patch which has been sitting in my queue, waiting
> for the WolfSSL patch to be merged)
>
> commit f38819b7e42ea99f6ae218be6e6345c397c1af4c
> Author: Arne Schwabe
> Date:   Fri Apr 17 09:43:45 2020 +0200
>
>       Add README.wolfssl documentating the state of WolfSSL in OpenVPN
>
>       Acked-by: Gert Doering <gert@greenie.muc.de>
>       Message-Id: <20200417074345.5694-1-arne@rfc2549.org>
>       URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19758.html
>       Signed-off-by: Gert Doering <gert@greenie.muc.de>
>
>
> --
> kind regards,
>
> Gert Doering
>
>
>
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Gert Doering March 19, 2021, 12:38 p.m. | #3
Hi,

On Fri, Mar 19, 2021 at 01:36:13PM +0100, Juliusz Sosinowicz wrote:
> Could we get something like
> "For issues with using OpenVPN with wolfSSL, please contact 
> support@wolfssl.com."
> in the README.wolfssl? This would help streamline comms for users and 
> improve user experience. I can prepare a patch with this change. Thanks.

Sure.  Change the wording any way that makes more sense for you - this
is/was just a first draft.

gert

Patch

diff --git a/README.wolfssl b/README.wolfssl
new file mode 100644
index 00000000..d417807b
--- /dev/null
+++ b/README.wolfssl
@@ -0,0 +1,29 @@ 
+Support for WolfSSL is implemented and maintained by WolfSSL Inc. The support is
+implemented using WolfSSL's compatiblity layer. The WolfSSL support in OpenVPN
+receives very limited testing/support from the OpenVPN community itself.
+
+If bugs in OpenVPN when using WolfSSL are encountered, the user should try to
+also compile OpenVPN with OpenSSL to determinate if these are bugs in the
+WolfSSL TLS implemenation or OpenVPN itself.
+
+To Build and Install,
+
+	./configure --with-crypto-library=wolfssl
+	make
+	make install
+
+
+The wolfSSL library will include the installed options.h file by default.
+To include a custom user_settings.h file for wolfSSL,
+
+./configure --with-crypto-library=wolfssl --disable-wolfssl-options-h
+make
+make install
+
+*************************************************************************
+Due to limitations in the wolfSSL TLS library or its compability layer, the
+following features are missing
+
+ * blowfish support (BF-CBC), you must use something like
+   cipher AES-128-CBC to avoid trying to use BF-CBC
+ * Windows CryptoAPI support