On 28/06/12 19:44, Arne Schwabe wrote: > > Just a quick patch which fixes --management-external-key, which I need > for a cleaner way to access Android key store. >
(please, don't attach the patches as attachments - rather send them as plain
text mail, easier to review and far easier for me to process these patches
afterwards when including them - git send-email is easy to set up, which does
everything correct instantly)
I think I found a bug in your patch ...
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 367c1bc..a5f323d 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -2709,6 +2709,9 @@ options_postprocess_filechecks (struct options *options)
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE, options->cert_file,
R_OK, "--cert");
errs |= check_file_access (CHKACC_FILE|CHKACC_INLINE,
options->extra_certs_file, R_OK,
"--extra-certs");
+#ifdef MANAGMENT_EXTERNAL_KEY
+ if(!(options->management_flags | MF_EXTERNAL_KEY))
^^^
I believe this should the '|' should be '&' instead. At least, it doesn't work
so well when I don't change it.
What do you think?
My tests are:
./src/openvpn/openvpn --dev tun --tls-client --ca sample/sample-keys/ca.crt
--cert sample/sample-keys/client.crt --management 127.0.0.1 1234 --remote
127.0.0.1 --key non-existing-file
(this should fail with a "file not found" error)
and
./src/openvpn/openvpn --dev tun --tls-client --ca sample/sample-keys/ca.crt
--cert sample/sample-keys/client.crt --management 127.0.0.1 1234 --remote
127.0.0.1 --key non-existing-file --management-external-key
But ... is it expected to pass --key if you use --management-external-key? I
probably don't know enough about this --management-external-key feature, so I
might be wrong.
kind regards,
David Sommerseth
signature.asc
Description: OpenPGP digital signature
