Hello,

2017-02-08 23:39 GMT+01:00 Steffan Karger <stef...@karger.me>:
>
> The code change looks good, and passes my (manual) tests. I'd like to
> keep the comment though, because this still is a hack/workaround to get
> the private key from the SSL_CTX object, it just does so a little nicer
> at the cost of a number of malloc/free calls.

Thanks for the review! The hack was because the code was accessing the cert in a strange way, not using OpenSSL's functions; that's why I thought it was a good idea to remove it. But I'll add it back.

> It might be even worth noting that the workaround is only needed for
> OpenSSL <= 1.0.1, because later versions do have a function to get the
> private key from a struct SSL_CTX directly. By noting that explicitly,
> we help ourselves remember to get rid of the hack as soon as we drop
> support for these OpenSSL versions.

That's right, I've just looked and like Arne said, we just have to add a check for OpenSSL >= 1.0.2 and not LibreSSL to use the new function. I'll update my patch later today.

LibreSSL will probably also add SSL_CTX_get0_privatekey() in a later version, so the check will need to be updated.

Best Regards,
Olivier

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel