Hi,

By commit abd5ee9b7dc4ba85438da5d16bb7dfb31714dac7 we disabled loading of
OpenSSL configuration file on Windows due to OPENSSLDIR pointing to a
writable location in our builds.

I think we have to fix this. Considering that we distribute Windows
executables with our own OpenSSL build, this is totally under our control
and not an upstream issue.

For OpenSSL 3.0, loading of the legacy provider, for example, will require
us to include legacy.so and MODULESDIR to point to the folder where it's
installed. While doing that we could also arrange to have OPENSSLDIR and
--prefix point to safe locations.

As per NOTES-WINDOWS.md in OpenSSL 3.0, the default values of these
locations are read-only:

<quote>
For VC-WIN32, the following defaults are use:

    PREFIX:      %ProgramFiles(x86)%\OpenSSL
    OPENSSLDIR:  %CommonProgramFiles(x86)%\SSL

For VC-WIN64, the following defaults are use:

    PREFIX:      %ProgramW6432%\OpenSSL
    OPENSSLDIR:  %CommonProgramW6432%\SSL

Should those environment variables not exist (on a pure Win32
installation for examples), these fallbacks are used:

    PREFIX:      %ProgramFiles%\OpenSSL
    OPENSSLDIR:  %CommonProgramFiles%\SSL
</quote>

Does this apply to our current build process? Or do we have to do something
in the MSVC build-setup? If it's the latter, can we also fix OPENSSLDIR so
that config loading can be re-enabled for OpenSSL 1.1.1 as well?

Not having the ability to load modules probably affects a small number of
users, but the number is not zero.

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
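
A check for the condition discussed in this message, as an added example that is not part of the original e-mail or of OpenVPN's build scripts: it asks a given openssl.exe for its compiled-in OPENSSLDIR, ENGINESDIR and MODULESDIR and reports any non-administrative principal that can write there. The `$OpenSslExe` parameter, the function names and the list of trusted SIDs are assumptions made for this example.

```powershell
# Added example (not OpenVPN or OpenSSL project code).
# Assumption: $OpenSslExe is the openssl.exe shipped with the build under test.
param([string]$OpenSslExe = 'openssl.exe')

# SIDs allowed to write (assumed policy): SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Rights that let a principal plant or replace files, plus the GENERIC_WRITE/GENERIC_ALL bits.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = [int]$rights -bor 0x50000000

function Get-OpenSslDir([string]$Flag) {
    # "openssl version -d" prints a line of the form: OPENSSLDIR: "C:\path"
    $out = & $OpenSslExe version $Flag 2>$null
    if ("$out" -match '^\w+:\s*"(.+)"') { $Matches[1] }
}

function Get-UntrustedWriter([string]$Path) {
    # A missing directory is controlled by whoever can create it,
    # so fall back to the nearest existing ancestor.
    while ($Path -and -not (Test-Path -LiteralPath $Path)) {
        $Path = [System.IO.Path]::GetDirectoryName($Path)
    }
    if (-not $Path) { return }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $writeBits) -ne 0) {
            [pscustomobject]@{ CheckedPath = $Path; Sid = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
        }
    }
}

# -d OPENSSLDIR, -e ENGINESDIR, -m MODULESDIR (OpenSSL 3.0; older builds yield no match and are skipped)
foreach ($flag in '-d', '-e', '-m') {
    $dir = Get-OpenSslDir $flag
    if (-not $dir) { continue }
    $hits = @(Get-UntrustedWriter $dir)
    if ($hits.Count -eq 0) { "OK    $flag $dir" }
    else { $hits | ForEach-Object { "WRITE $flag $dir -> $($_.Sid) has $($_.Rights) on $($_.CheckedPath)" } }
}
```

Run it against the openssl.exe produced by the same build as the shipped libraries, since the directories are compiled in at build time.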
