Hi, I see the granularity of your patch set as "not right":
On Sun, May 24, 2020 at 01:33:22PM -0700, James Bottomley wrote:
> Testing engines is problematic, so one of the prerequisites built for
> the tests is a simple openssl engine that reads a non-standard PEM
> guarded key. The test is simply can we run a client/server
> configuration with the usual sample key replaced by an engine key.
> The trivial engine prints out some operations and we check for these
> in the log to make sure the engine was used to load the key and that
> it correctly got the password.
This patch says "add unit tests", but it contains changes to configure.ac
and OpenVPN code
> configure.ac | 5 +
> src/openvpn/crypto_openssl.c | 1 +
These two hunks should go to the first patch.
Every patch should be fully testable on its own - so if I apply only
the first hunk, I should be able to use and test engine keys, without
having to apply the "add a unit test" patch set.
> diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
> index a7569623..34637ebf 100644
> --- a/src/openvpn/crypto_openssl.c
> +++ b/src/openvpn/crypto_openssl.c
> @@ -92,6 +92,7 @@ setup_engine(const char *engine)
> {
> ENGINE *e = NULL;
>
> + OPENSSL_config(NULL);
> ENGINE_load_builtin_engines();
>
> if (engine)
For that change, I wonder what side effects it might have on existing
setups. Arne, can you help? Is this "safe"?
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
