[strongSwan-dev] Building strongSwan for Windows on Linux

Kevin Lussier Kevin.Lussier at Sophos.com
Wed Aug 23 01:37:31 CEST 2017

Hello all.

I am trying to cross-compile strongSwan for Windows using MinGW64 on Ubuntu 16.04 (64-bit). The problem I am having at the moment is OpenSSL.

My steps were:

Install MinGW64
  sudo apt-get install mingw-w64

Build OpenSSL
  git clone https://github.com/openssl/openssl.git OpenSSL_1_1_0-stable
  cd OpenSSL_1_1_0-stable
  git checkout OpenSSL_1_1_0-stable
  ./Configure --prefix=$PWD/build --cross-compile-prefix=x86_64-w64-mingw32- mingw64 no-asm no-deprecated mingw64
  make install

Grab strongSwan 5.6.0
  git clone git://git.strongswan.org/strongswan.git
  cd strongswan
  git checkout 5.6.0

Now, at this point I hit a problem. If I just run autogen.sh, it would produce a configure file that has 'openssl_lib=eay32', but OpenSSL no longer builds libraries with that name. So I changed that line to be 'openssl_lib=crypto'.

Issue the configure command
  ./configure --prefix=$PWD/build --disable-defaults --enable-monolithic --enable-static --enable-svc \
  --enable-ikev2 --enable-ikev1  --enable-nonce --enable-pem --enable-pkcs1 --enable-x509 \
  --enable-openssl --enable-socket-win --enable-kernel-wfp --enable-kernel-iph --enable-pubkey \
  --enable-swanctl --with-swanctldir=swanctl --with-strongswan-conf=strongswan.conf --host=x86_64-w64-mingw32 \
  CFLAGS="-g -O2 -Wall -Wno-pointer-sign -Wno-format-security -Wno-format -mno-ms-bitfields -I/home/kevin/OpenSSL_1_1_0-stable/build/include" \

The configure works, but there is one item of note in the output:
  checking for EVP_CIPHER_CTX_new in -lcrypto... yes
  checking openssl/evp.h usability... yes
  checking openssl/evp.h presence... no
  configure: WARNING: openssl/evp.h: accepted by the compiler, rejected by the preprocessor!
  configure: WARNING: openssl/evp.h: proceeding with the compiler's result
  checking for openssl/evp.h... yes

Run the make

This is my point of failure. The build fails when compiling the openssl plugin:

Making all in plugins/openssl
make[5]: Entering directory `/home/kevin/strongswan-5.6.0/src/libstrongswan/plugins/openssl'
depbase=`echo openssl_rsa_private_key.lo | sed 's|[^/]*$|.deps/&|;s|\.lo$||'`;\
        /bin/bash ../../../../libtool  --tag=CC   --mode=compile x86_64-w64-mingw32-gcc -DHAVE_CONFIG_H -I. -I../../../..  -I../../../../src/libstrongswan -DFIPS_MODE=0 -I/usr/local/include  -g -O2 -Wall -Wno-pointer-sign -Wno-format-security -Wno-format -mno-ms-bitfields -I/home/kevin/openssl-master/build/include -include /home/kevin/strongswan-5.6.0/config.h -MT openssl_rsa_private_key.lo -MD -MP -MF $depbase.Tpo -c -o openssl_rsa_private_key.lo openssl_rsa_private_key.c &&\
        mv -f $depbase.Tpo $depbase.Plo
libtool: compile:  x86_64-w64-mingw32-gcc -DHAVE_CONFIG_H -I. -I../../../.. -I../../../../src/libstrongswan -DFIPS_MODE=0 -I/usr/local/include -g -O2 -Wall -Wno-pointer-sign -Wno-format-security -Wno-format -mno-ms-bitfields -I/home/kevin/openssl-master/build/include -include /home/kevin/strongswan-5.6.0/config.h -MT openssl_rsa_private_key.lo -MD -MP -MF .deps/openssl_rsa_private_key.Tpo -c openssl_rsa_private_key.c  -DDLL_EXPORT -DPIC -o .libs/openssl_rsa_private_key.o
In file included from /usr/share/mingw-w64/include/windows.h:95:0,
                 from /usr/share/mingw-w64/include/winsock2.h:23,
                 from ../../../../src/libstrongswan/utils/compat/windows.h:24,
                 from ../../../../src/libstrongswan/utils/utils.h:38,
                 from ../../../../src/libstrongswan/library.h:101,
                 from ../../../../src/libstrongswan/credentials/builder.h:41,
                 from openssl_rsa_private_key.h:26,
                 from openssl_rsa_private_key.c:25:
/home/kevin/openssl-master/build/include/openssl/x509.h:84:34: error: expected ')' before numeric constant

I originally tried using a pre-built OpenSSL from https://slproweb.com/products/Win32OpenSSL.html, but the strongSwan build failed the same way. That's why I built OpenSSL myself, hoping it would fix the problem. However, since it appears to be a problem with the headers, it's not too surprising that both builds failed.

So, can anyone tell me what I am doing wrong?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20170822/09e954a9/attachment-0001.html>

More information about the Dev mailing list