This version of OpenVPN has mbed TLS support. To enable, follow the
instructions below:

To build and install,

    ./configure --with-crypto-library=mbedtls
    make
    make install

This version requires mbed TLS version >= 2.0.0 or >= 3.2.1.

*************************************************************************

Warning:

As of mbed TLS 2.17, it can be licensed *only* under the Apache v2.0 license.
That license is incompatible with OpenVPN's GPLv2.

We are currently in the process of resolving this problem, but for now, if you
wish to distribute OpenVPN linked with mbed TLS, there are two options:

 * Ensure that your case falls under the system library exception in GPLv2, or

 * Use an earlier version of mbed TLS. Version 2.16.12 is the last release
   that may be licensed under GPLv2. Unfortunately, this version is
   unsupported and won't receive any more updates.

*************************************************************************

Due to limitations in the mbed TLS library, the following features are missing
in the mbed TLS version of OpenVPN:

 * PKCS#12 file support
 * --capath support - Loading certificate authorities from a directory
 * Windows CryptoAPI support
 * X.509 alternative username fields (must be "CN")

Plugin/Script features:

 * X.509 subject line has a different format than the OpenSSL subject line
 * X.509 certificate tracking

*************************************************************************

Mbed TLS 3 has implemented (parts of) the TLS 1.3 protocol, but we have disabled
support in OpenVPN because the TLS-Exporter function is not yet implemented.
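
The missing-feature list above can be checked against a configuration before switching to an mbed TLS build. The following is an added example, not part of the OpenVPN README or source: a shell function that flags config directives an mbed TLS build cannot honor. Mapping the listed features to the directive names `pkcs12`, `cryptoapicert`, `x509-username-field` and `x509-track` is an assumption (only `--capath` is named on this page), and the sample config is constructed.

```shell
#!/bin/sh
# Added example: lint an OpenVPN config for features missing in mbed TLS builds.

# Prints one "line N: <directive> (<reason>)" finding per unsupported option.
# Returns 1 if any finding was printed, 0 if the config is clean.
check_mbedtls_conf() {
    awk '
        function report(why) { printf "line %d: %s (%s)\n", NR, $0, why; bad++ }
        # Skip blank lines and comments ("#" or ";" start a comment).
        /^[ \t]*([#;]|$)/ { next }
        {
            opt = $1
            sub(/^--/, "", opt)   # a leading "--" is optional in config files
            if (opt == "pkcs12" || opt == "<pkcs12>")
                report("PKCS#12 file support is missing")
            else if (opt == "capath")
                report("--capath is not supported")
            else if (opt == "cryptoapicert")
                report("Windows CryptoAPI support is missing")
            else if (opt == "x509-username-field" && $2 != "CN")
                report("username field must be \"CN\"")
            else if (opt == "x509-track")
                report("X.509 certificate tracking is missing")
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample config (hypothetical host and file names).
sample_conf() {
    cat <<'EOF'
client
remote vpn.example.com 1194
# pkcs12 old.p12   (commented out, so ignored)
ca ca.crt
capath /etc/openvpn/ca.d
pkcs12 client.p12
x509-username-field CN
x509-username-field emailAddress
EOF
}

# Demo: lint the sample; findings go to stdout.
conf=$(mktemp) && sample_conf > "$conf"
check_mbedtls_conf "$conf" || echo "config needs changes for an mbed TLS build"
rm -f "$conf"
```

The check covers only options that appear in the config file itself; options passed on the command line or pushed by a server are not examined.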