Ack, I think this solves the PolarSSL with/without PKCS11-helper problem.

> -----Original Message-----
> From: Steffan Karger [mailto:steffan.kar...@fox-it.com]
> Sent: Wednesday 20 March 2013 19:53
> To: Gert Doering
> Cc: openvpn-devel@lists.sourceforge.net
> Subject: Re: [Openvpn-devel] [PATCH 1/5] PolarSSL-1.2 support
> 
> Hi,
> 
> Attached a patch for the second point you make. It was a pre-existing
> bug where the autoconf script was not equipped to detect incorrectly
> compiled polarssl builds, e.g. without pkcs11 support.
> 
> I'm still working on the first (polarssl-blowfish) point, need to do
> some more testing first on that one.
> 
> Regards,
> -Steffan
> 
> -----Original Message-----
> From: Gert Doering [mailto:g...@greenie.muc.de]
> Sent: Tuesday 19 March 2013 15:27
> To: Steffan Karger
> Cc: openvpn-devel@lists.sourceforge.net
> Subject: Re: [Openvpn-devel] [PATCH 1/5] PolarSSL-1.2 support
> 
> Hi,
> 
> On Mon, Mar 18, 2013 at 05:37:28PM +0100, steffan.kar...@fox-it.com wrote:
> > From: Steffan Karger <steffan.kar...@fox-it.com>
> >
> > Add support for PolarSSL-1.2, which has changed the API in several places.
> > This is a minimal port, new features have not been enabled. Only PolarSSL
> > 1.2.5 and newer are accepted, as earlier versions contain unresolved
> > (security) issues.
> 
> NAK, actually, for two reasons:
> 
>  - there is "something wrong" with the blowfish support - patching
>    release/2.3 in git with these 5 patches and compiling with polar 1.2.5
>    creates a binary that is not interoperating with openssl-compiled
>    openvpn (cipher blowfish-cbc on the polar side, bf-cbc on openssl) -
>    it negotiates just fine, but data packets cannot be decrypted
> 
> 14:23 <@dazo> Tue Mar 19 14:16:08 2013 Authenticate/Decrypt packet error:
>               cipher final failed
> 
>  - when configuring with --enable-pkcs11, compilation fails
> 
> 14:17 <@dazo> ssl_polarssl.h:69:5: error: expected specifier-qualifier-list
>               before ‘pkcs11_context’
> 
> (I'm just relaying, David did the actual testing... my buildbot box is
> still busy trying to compile polar 1.2.6...)
> 
> gert
> --
> USENET is *not* the non-clickable part of WWW!
> 
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025                        g...@net.informatik.tu-
> muenchen.de
