forked from OpenVPN/openvpn
-
Notifications
You must be signed in to change notification settings - Fork 2
/
README.mbedtls
44 lines (29 loc) · 1.44 KB
/
README.mbedtls
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
This version of OpenVPN has mbed TLS support. To enable follow the following
instructions:
To Build and Install,
./configure --with-crypto-library=mbedtls
make
make install
This version depends on mbed TLS 2.0 (and requires at least 2.0.0).
*************************************************************************
Warning:
As of mbed TLS 2.17, it can be licensed *only* under the Apache v2.0 license.
That license is incompatible with OpenVPN's GPLv2.
If you wish to distribute OpenVPN linked with mbed TLS, there are two options:
* Ensure that your case falls under the system library exception in GPLv2, or
* Use an earlier version of mbed TLS. Version 2.16.12 is the last release
that may be licensed under GPLv2. Unfortunately, this version is
unsupported and won't receive any more updates.
If nothing changes about the license situation, mbed TLS support may be
deprecated in a future release of OpenVPN.
*************************************************************************
Due to limitations in the mbed TLS library, the following features are missing
in the mbed TLS version of OpenVPN:
* PKCS#12 file support
* --capath support - Loading certificate authorities from a directory
* Windows CryptoAPI support
* X.509 alternative username fields (must be "CN")
Plugin/Script features:
* X.509 subject line has a different format than the OpenSSL subject line
* X.509 certificate export does not work
* X.509 certificate tracking