* [PR PATCH] openvpn: add mbedtls build option.
From: travankor @ 2020-07-06 22:37 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 381 bytes --]
There is a new pull request by travankor against master on the void-packages repository
https://github.com/travankor/void-packages openvpn
https://github.com/void-linux/void-packages/pull/23429
openvpn: add mbedtls build option.
Default to it since openvpn is broken with libressl-3.1.X.
A patch file from https://github.com/void-linux/void-packages/pull/23429.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-openvpn-23429.patch --]
[-- Type: text/x-diff, Size: 1784 bytes --]
From ab534b57aff132f0c8e2a0e51bbfc013739659e1 Mon Sep 17 00:00:00 2001
From: travankor <travankor@tuta.io>
Date: Mon, 6 Jul 2020 15:13:09 -0700
Subject: [PATCH] openvpn: add mbedtls build option.
Default to it since openvpn is broken with libressl-3.1.X.
---
srcpkgs/openvpn/template | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/srcpkgs/openvpn/template b/srcpkgs/openvpn/template
index a348cfba8d2..ea91ee802de 100644
--- a/srcpkgs/openvpn/template
+++ b/srcpkgs/openvpn/template
@@ -1,12 +1,13 @@
# Template file for 'openvpn'
pkgname=openvpn
version=2.4.9
-revision=2
+revision=3
build_style=gnu-configure
-configure_args="--enable-pkcs11 --enable-iproute2 --disable-systemd"
+configure_args="$(vopt_enable pkcs11) --enable-iproute2 --disable-systemd
+ $(vopt_with mbedtls crypto-library=mbedtls)"
hostmakedepends="iproute2 pkg-config"
-makedepends="libressl-devel lzo-devel pam-devel pkcs11-helper-devel
- cmocka-devel"
+makedepends="$(vopt_if mbedtls mbedtls-devel libressl-devel) lzo-devel pam-devel
+ $(vopt_if pkcs11 pkcs11-helper-devel) cmocka-devel"
depends="iproute2"
short_desc="Easy-to-use, robust, and highly configurable VPN"
maintainer="Orphaned <orphan@voidlinux.org>"
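Review bot: in the new configure_args, `$(vopt_with mbedtls crypto-library=mbedtls)` only has an obvious meaning when the option is on. Check what it expands to with mbedtls disabled; if the helper negates to a `--without-` form, configure gets an argument that says nothing useful about which crypto library to use instead. `$(vopt_if mbedtls --with-crypto-library=mbedtls)` would mirror the vopt_if use in makedepends and pass nothing in the off case.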
@@ -15,6 +16,12 @@ homepage="https://www.openvpn.net"
distfiles="http://build.openvpn.net/downloads/releases/${pkgname}-${version}.tar.xz"
checksum=641f3add8694b2ccc39fd4fd92554e4f089ad16a8db6d2b473ec284839a5ebe2
+build_options="mbedtls pkcs11"
+build_options_default="mbedtls"
+desc_option_mbedtls="Build with mbedtls support"
+desc_option_pkcs11="Enable support for PKCS#11"
+vopt_conflict mbedtls pkcs11
+
post_install() {
vmkdir usr/share/examples/${pkgname}
cp -r sample/sample-config-files/* ${DESTDIR}/usr/share/examples/${pkgname}
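Review bot: `build_options_default="mbedtls"` together with `vopt_conflict mbedtls pkcs11` means the default package loses PKCS#11 support, which the old template enabled unconditionally through `--enable-pkcs11`. The commit message only mentions defaulting to mbedtls; state the PKCS#11 loss there as well, and word desc_option_mbedtls so it is clear that mbedtls replaces libressl as the crypto library. A one-line comment above vopt_conflict giving the reason the two options cannot be combined would help the next person who touches the template.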
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
From: travankor @ 2020-07-07 0:29 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 195 bytes --]
New comment by travankor on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-654530176
Comment:
@jkoderu-git This should fix the issue with openvpn.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
From: mobinmob @ 2020-07-07 8:35 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 184 bytes --]
New comment by mobinmob on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-654691501
Comment:
That is nice - mbedtls has LTS releases ;)
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
From: jkoderu-git @ 2020-07-07 13:57 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 188 bytes --]
New comment by jkoderu-git on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-654881215
Comment:
Thank you so much @travankor for your help!
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
From: Johnnynator @ 2020-07-10 16:11 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 237 bytes --]
New comment by Johnnynator on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656757855
Comment:
Did you check if this fixes the problematic servers? (only aware of ProtonVPN configs so far)
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
From: ericonr @ 2020-07-10 16:54 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 205 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656778087
Comment:
Can we be sure this doesn't break other uses of OpenVPN as well?
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
From: travankor @ 2020-07-10 21:46 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 908 bytes --]
New comment by travankor on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656906045
Comment:
`mbedtls` is officially supported by openvpn. This should be 100% interoperable with other openvpn instances. (Some trivia: This version of openvpn was sponsored by the Dutch government for their restricted communication channels.)
The features that don't work compared to the openssl build:
```
* PKCS#12 file support
* --capath support - Loading certificate authorities from a directory
* Windows CryptoAPI support
* X.509 alternative username fields (must be "CN")
```
This is why the `mbedtls` and `pkcs12` options conflict since the build fails with both turned on.
---
Admittedly, I don't know the reason why libressl is causing problems and to what extent things are broken with openvpn. And yes, I tested ProtonVPN, which seems to work.
^ permalink raw reply [flat|nested] 14+ messages in thread
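A pre-upgrade check for the feature gaps listed in the comment above, as an added example that is not part of the thread or of void-packages: it scans an OpenVPN config for directives that depend on those features. The directive names (`pkcs12`, `capath`, `cryptoapicert`, `x509-username-field`) and the sample config are this example's assumptions.

```python
import shlex

# Assumed mapping from the features named in the comment to config directives.
UNSUPPORTED = {
    "pkcs12": "PKCS#12 file support",
    "capath": "loading certificate authorities from a directory",
    "cryptoapicert": "Windows CryptoAPI support",
}

# Constructed excerpt of a client config, not taken from the thread.
SAMPLE = """\
# pkcs12 old.p12
;capath /etc/ssl/old
pkcs12 client.p12
capath /etc/openvpn/ca.d
x509-username-field CN
x509-username-field ext:subjectAltName
<ca>
pkcs12 this-line-is-inline-data
</ca>
<pkcs12>
(base64 data)
</pkcs12>
"""


def audit_config(text):
    """Return (line, directive, reason) for settings an mbedtls build lacks."""
    findings, inline = [], None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if inline:  # inside <tag>...</tag>: file data, not directives
            inline = None if line == f"</{inline}>" else inline
            continue
        if not line or line[0] in "#;" or line.startswith("</"):
            continue  # blank line, comment, or stray closing tag
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]  # inline file block such as <pkcs12>
            tokens = [inline]
        else:
            try:
                tokens = shlex.split(line, comments=True)
            except ValueError:  # unbalanced quote: fall back to a plain split
                tokens = line.split()
        name = tokens[0].lstrip("-") if tokens else ""
        if name in UNSUPPORTED:
            findings.append((lineno, name, UNSUPPORTED[name]))
        elif name == "x509-username-field" and tokens[1:] != ["CN"]:
            findings.append((lineno, name, 'username field must be "CN"'))
    return findings
```

Running `audit_config` over each deployed client and server config before switching to the mbedtls build shows which setups need the libressl/pkcs11 variant instead.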
* Re: openvpn: add mbedtls build option.
From: travankor @ 2020-07-11 0:48 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 481 bytes --]
New comment by travankor on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656952817
Comment:
>Can we be sure this doesn't break other uses of OpenVPN as well?
Can you suggest some to test? Keep in mind that I can't really test every use case (like the ones involving corporate networks).
So far, I think the main difference is that the mbedtls version is a little slower and less responsive than the openssl/libressl version.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
From: ericonr @ 2020-07-11 1:29 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 329 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656960389
Comment:
> Can you suggest some to test?
I have no idea, because I don't use it myself. Just want to avoid a regression for OpenVPN users whose setup is working with the latest LibreSSL version.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
From: travankor @ 2020-07-11 1:56 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 264 bytes --]
New comment by travankor on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-656965893
Comment:
The best solution is to use Openssl. The other options are either 1) mbedtls or 2) patch libressl and/or openvpn to work.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: [PR PATCH] [Merged]: openvpn: add mbedtls build option.
From: Johnnynator @ 2020-07-12 11:44 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 226 bytes --]
There's a merged pull request on the void-packages repository
openvpn: add mbedtls build option.
https://github.com/void-linux/void-packages/pull/23429
Description:
Default to it since openvpn is broken with libressl-3.1.X.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
From: Redcroft @ 2020-07-14 10:47 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 235 bytes --]
New comment by Redcroft on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-658110857
Comment:
Hi,
This has broken pkcs12 for me, is there any way we can re-enable this option?
Thanks
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
From: ericonr @ 2020-07-14 11:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 222 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-658131558
Comment:
@Redcroft could you open a separate issue, please? That way it's easier to track.
^ permalink raw reply [flat|nested] 14+ messages in thread
* Re: openvpn: add mbedtls build option.
From: ericonr @ 2020-07-14 11:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 318 bytes --]
New comment by ericonr on void-packages repository
https://github.com/void-linux/void-packages/pull/23429#issuecomment-658131558
Comment:
@Redcroft could you open a separate issue, please? That way it's easier to track. If you know how to build the package yourself, you can build it with the `pkcs11` build option.
^ permalink raw reply [flat|nested] 14+ messages in thread