Re: [Openvpn-devel] [PATCH] Mac OSX Keychain certificate support

Wed, 05 May 2010 02:40:56 +0000 

Hi David,

On May 1, 2010, at 9:41 AM, David Sommerseth wrote:

Looking good!  You also have dmsg() I believe for debugging as well.
But then I believe the logging will only be enabled if configured with
- --enable-debug, iirc. Anyway, that was just a side note. If you want 
it like it is now, we don't need to change anything in this regard.



We can leave the logging functionality like it is now.  Again, it is  
not actively being used, it's there just in case.   If it ends up  
being used a lot in future debugging efforts, I may change the calls  
to dmsg().



Seems good to me.  Have you tried running a patched OpenVPN through
valgrind?  Just to make sure you don't have any memory leaks.  It's
important to also check how it reacts when re-negotiating the tunnel

encryption (--reneg-* arguments can be tweaked to make this happen  
more

often).  And also if there are any leaks in error situations.



I hadn't even heard of valgrind until you mentioned it.  I ran the  
certificate code through Mac OSX Instruments to detect memory leaks,  
but that was before I integrated it with OpenVPN and added the  
gc_arena stuff.  I will try running it through Instruments again or  
valgrind when I get a chance.



Thanks again for job well done!  As I said in the beginning, we're

getting closer to inclusion now.  I just need to get some  
confirmations
from some others in addition who will try out this patch on OSX.   
What's

interesting in this next round now is to get confirmation that it
compiles cleanly and behaves as initially expected.  Then I'd like to
hear more about if any memory leaks have been found or not.

When they give a positive response on the compilation and usability,

I'll give you a feature branch in openvpn-testing.git.  And when we  
feel

pretty safe that no memory leaks are found, we can look at merging it
into the allmerged branch.  Does this sound reasonable to you?



Sounds perfectly reasonable.  This is the normal process you go  
through, correct?  My only concern is that we will have difficulty  
finding people to test out this functionality on Mac OSX.  I'm working  
on trying to get the word out to possibly interested parties.   Should  
I have them post their results to this list?


Brian





















					Reply via email to