We’re hoping that it is a big step towards modularization for both the data 
channel crypto and control channel negotiation. As the control channel 
verification code has been separated, it should also be a first step towards 
modularization of that code.

Adriaan

From: chantra [mailto:chan...@debuntu.org]
Sent: Thursday 2 December 2010 11:20
To: Adriaan de Jong
Cc: Farkas Levente; openvpn-devel@lists.sourceforge.net
Subject: Re: [Openvpn-devel] Documentation and alternative SSL backend patches

PolarSSL was a personal choice for us, mostly due to its simplicity and 
multi-platform support. The patch is written in such a way that generic 
operations from most libraries should work, as long as a new backend is written 
for them.

Adriaan

Hi,

This seems to be a step forward to
https://community.openvpn.net/openvpn/wiki/RoadMap#OpenVPN3.0:Designandimplementation
and in my opinion is an interesting addition to openvpn code.

Chantra

> -----Original Message-----
> From: Farkas Levente [mailto:lfar...@lfarkas.org]
> Sent: Thursday 2 December 2010 10:47
> To: Adriaan de Jong
> Cc: openvpn-devel@lists.sourceforge.net
> Subject: Re: [Openvpn-devel] Documentation and alternative SSL backend patches
>
> On 12/02/2010 10:05 AM, Adriaan de Jong wrote:
> > Hi List,
> >
> > We've been working on OpenVPN in preparation for a security
> > evaluation. This entailed documenting OpenVPN at a relatively high
> > level, removing the dependencies on OpenSSL, and adding support for a
> > simpler, easier to evaluate library (PolarSSL).
> >
> > This was done in a series of patches:
> > - Patch 1: Adds documentation to OpenVPN through Doxygen.
> > - Patch 2: Splits out OpenSSL-specific code, defining a clean
> >   "backend" interface for both the crypto and SSL modules. Splits the
> >   SSL module into channel setup and verification sub-modules.
> > - Patch 3: Adds a backend for PolarSSL.
> >
> > We'd love to release these patches to the community. Unfortunately,
> > the patches are now based on 2.1.4, and need to be rebased to a newer
> > version. Before we spend time on updating the patches to the current
> > revision of OpenVPN, we'd like to know whether there is an interest in
> > these patches from the community.
>
> most distro switch from openssl to nss. is there any reason you switch
> to polarssl instead of nss?
>
> --
>   Levente                               "Si vis pacem para bellum!"
