| Commit | Line | Data |
|---|---|---|
| f53f0631 MF | 1 | This version of OpenVPN has mbed TLS support. To enable, follow the |
| | 2 | instructions below: |
| 53f97e1e | 3 | |
| f53f0631 | 4 | To build and install, |
| 53f97e1e | 5 | |
| ed0e7993 | 6 | ./configure --with-crypto-library=mbedtls |
| 53f97e1e AJ | 7 | make |
| | 8 | make install |
| | 9 | |
| f53f0631 | 10 | This version requires mbed TLS version >= 2.0.0 or >= 3.2.1. |
| 7dd8bbf5 | 11 | |
| 53f97e1e AJ | 12 | ************************************************************************* |
| | 13 | |
| 110eee02 MF | 14 | Warning: |
| | 15 | |
| | 16 | As of mbed TLS 2.17, it can be licensed *only* under the Apache v2.0 license. |
| | 17 | That license is incompatible with OpenVPN's GPLv2. |
| | 18 | |
| f53f0631 MF | 19 | We are currently in the process of resolving this problem, but for now, if you |
| | 20 | wish to distribute OpenVPN linked with mbed TLS, there are two options: |
| 110eee02 MF | 21 | |
| | 22 | * Ensure that your case falls under the system library exception in GPLv2, or |
| | 23 | |
| | 24 | * Use an earlier version of mbed TLS. Version 2.16.12 is the last release |
| | 25 | that may be licensed under GPLv2. Unfortunately, this version is |
| | 26 | unsupported and won't receive any more updates. |
| | 27 | |
| 110eee02 MF | 28 | ************************************************************************* |
| | 29 | |
| ed0e7993 DS | 30 | Due to limitations in the mbed TLS library, the following features are missing |
| | 31 | in the mbed TLS version of OpenVPN: |
| 53f97e1e | 32 | |
| 53f97e1e | 33 | * PKCS#12 file support |
| 7dd8bbf5 | 34 | * --capath support - Loading certificate authorities from a directory |
| 53f97e1e | 35 | * Windows CryptoAPI support |
| 7dd8bbf5 AJ | 36 | * X.509 alternative username fields (must be "CN") |
| | 37 | |
| | 38 | Plugin/Script features: |
| 53f97e1e | 39 | |
| 7dd8bbf5 | 40 | * X.509 subject line has a different format than the OpenSSL subject line |
| 7dd8bbf5 | 41 | * X.509 certificate tracking |
| f53f0631 MF | 42 | |
| | 43 | ************************************************************************* |
| | 44 | |
| efad93d0 MF | 45 | Mbed TLS 3 has implemented (parts of) the TLS 1.3 protocol, but we have disabled |
| | 46 | support in OpenVPN because the TLS-Exporter function is not yet implemented. |
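
An added example, not part of the OpenVPN README: a small Python check that flags directives in an OpenVPN config file that rely on the features listed above as missing in mbed TLS builds, useful before moving a deployment from an OpenSSL build. Only `--capath` is named in the README; the other directive names (`pkcs12`, `cryptoapicert`, `x509-track`, `x509-username-field`) are the usual OpenVPN options for those features and are this example's assumption, and the sample config is constructed.

```python
# Directive -> feature the README lists as missing in mbed TLS builds.
# Assumption: apart from capath, the directive names are mapped by this example.
UNSUPPORTED = {
    "pkcs12": "PKCS#12 file support",
    "capath": "--capath (CA directory) support",
    "cryptoapicert": "Windows CryptoAPI support",
    "x509-track": "X.509 certificate tracking",
}

def lint_config(text):
    """Return (line_no, directive, reason) for options an mbed TLS build lacks."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or full-line comment
            continue
        words = line.split()
        for i, w in enumerate(words):          # drop a trailing comment
            if w[0] in "#;":
                words = words[:i]
                break
        name = words[0]
        if name.startswith("<") and not name.startswith("</"):
            name = name.strip("<>")            # inline block such as <pkcs12>
        name = name.lstrip("-")                # tolerate "--capath" spelling
        args = [w.strip("\"'") for w in words[1:]]
        if name in UNSUPPORTED:
            findings.append((no, name, UNSUPPORTED[name]))
        elif name == "x509-username-field" and args != ["CN"]:
            findings.append((no, name, 'X.509 username field must be "CN"'))
    return findings

# Constructed sample config, not taken from any real deployment.
SAMPLE = """\
# constructed sample config
client
remote vpn.example.net 1194
capath /etc/openvpn/ca.d
pkcs12 client.p12
;cryptoapicert "SUBJ:Example"
x509-username-field ext:subjectAltName
x509-track "+CN"
cipher AES-256-GCM
"""

if __name__ == "__main__":
    for no, name, reason in lint_config(SAMPLE):
        print(f"line {no}: {name}: {reason}")
```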