Hi Samuli,

Since plugins have support for X.509 certificates, they need to enable either 
USE_OPENSSL or USE_POLARSSL, and include the appropriate X.509 backend 
(ssl_verify_*.h). Since neither was defined, the file was not included and 
therefore the build failed.

This is part of a larger problem, where, if USE_SSL is not defined, a dependency 
on OpenSSL's x509 header still exists for plugins. I've fixed this in a patch 
that I'll upload and mail soon.

Adriaan

From: Samuli Seppänen [mailto:sam...@openvpn.net]
Sent: Wednesday 6 July 2011 21:21
To: Adriaan de Jong
Cc: openvpn-devel@lists.sourceforge.net
Subject: Re: [Openvpn-devel] PolarSSL patches

Hi Adriaan,

I tried building your tree on a Debian 5 (amd64) VM and got this error:

#make plugins
/usr/bin/make -C plugin/auth-pam/
make[1]: Entering directory `/home/buildslave/andj-openvpn-ssl-refactoring-4970f14/plugin/auth-pam'
gcc -O2 -Wall -DDLOPEN_PAM=0 -fPIC -c -I../.. auth-pam.c
In file included from auth-pam.c:49:
../../openvpn-plugin.h:283: error: expected specifier-qualifier-list before 'x509_cert_t'
make[1]: *** [auth-pam.o] Error 1
make[1]: Leaving directory `/home/buildslave/andj-openvpn-ssl-refactoring-4970f14/plugin/auth-pam'
make: *** [build-stamp] Error 2

The same VM has been used to successfully build the official release packages.

Samuli



Hi everyone,

During last week's meeting we decided to temporarily create a github tree for 
OpenVPN. It can be found at https://github.com/andj/openvpn-ssl-refactoring . 
The version found there is now ready for testing, and will (hopefully) be 
included in the 2.3 alpha versions.

Could interested parties please have a look and provide me with feedback 
(through IRC/e-mail?).

Thanks!

Adriaan de Jong

PS. Note that due to limitations in PolarSSL, it is still missing a number of 
features:

 * PKCS#12 file support
 * --capath support - Loading certificate authorities from a directory
 * Windows CryptoAPI support
 * Management external key support
 * X.509 alternative username fields (must be "CN")

Plugin/Script features:

 * X.509 Serial number is in hex, not decimal as with OpenSSL
 * X.509 subject line has a different format than the OpenSSL subject line
 * X.509 certificate export does not work
 * X.509 certificate tracking

Fox-IT    ...for a more secure society
http://www.fox-it.com/
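
Added example, not part of the original mail and not OpenVPN code: the hex-versus-decimal serial difference listed above matters to any plugin or script that matches certificate serials against a list, because a parser written for one backend silently yields a different number on the other. The code below assumes the script is told which backend produced the string; the backend labels, the function names, the tolerated ':' separators and "0x" prefix, and the sample deny-list are all assumptions of this example.

```python
import re

# Constructed sample deny-list, stored as integers (the backend-neutral form).
REVOKED = {4660, 305419896}  # 0x1234, 0x12345678


def serial_to_int(text, backend):
    """Parse a serial string according to the backend that produced it.

    backend: "openssl" -> decimal, "polarssl" -> hex. The labels are this
    example's own. The backend has to be passed in because a string such
    as "10" is valid in both bases and cannot be told apart by inspection.
    """
    s = text.strip()
    if backend == "openssl":
        if not re.fullmatch(r"[0-9]+", s):
            raise ValueError("not a decimal serial: %r" % text)
        return int(s, 10)
    if backend == "polarssl":
        # Assumption: the hex form may carry ':' byte separators or "0x".
        h = s.replace(":", "")
        if h[:2].lower() == "0x":
            h = h[2:]
        if not re.fullmatch(r"[0-9A-Fa-f]+", h):
            raise ValueError("not a hex serial: %r" % text)
        return int(h, 16)
    raise ValueError("unknown backend: %r" % backend)


def is_revoked(text, backend):
    """Fail closed: a serial that does not parse is treated as revoked."""
    try:
        return serial_to_int(text, backend) in REVOKED
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed inputs: the same digits mean different serials per backend.
    for raw, be in [("4660", "openssl"), ("12:34", "polarssl"),
                    ("1234", "openssl"), ("1234", "polarssl")]:
        print(raw, be, serial_to_int(raw, be), is_revoked(raw, be))
```

The third and fourth sample rows show the failure mode: the digits "1234" match the deny-list only when read as hex, so a decimal-only script would let that serial through on a hex-reporting build.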



