On Mon, Nov 22, 2021 at 4:37 PM Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Mon, Nov 22, 2021 at 04:33:36PM -0500, Selva Nair wrote:
> > I think setting env vars would give us extra protection as we can detect
> > the actual location of Program Files or executable's path at run time.
>
> Indeed.
>
> (Also, the PR isn't exactly proceeding smoothly... no idea why the
> vcpkg maintainer does not want to see why Lev's PR is an improvement
> of the situation)
>

I didn't realize there is pushback on the patch. Maybe he needs to see
https://github.com/openssl/openssl/issues/9520,
CVE-2019-5443 <https://nvd.nist.gov/vuln/detail/CVE-2019-5443> and our own
CVE?

I have a patch setting OPENSSL_CONF etc. using SetEnvironmentVariableW(), but
it needs more testing, especially for OPENSSL_ENGINES and OPENSSL_MODULES in
3.0.
Is _putenv preferred?

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
