Good error messages are always an improvement, and not going on after a "cannot use this certificate" error is probably also a good idea (so, change M_WARN to M_FATAL makes sense).
For the "test on many different OpenSSL versions and OSes" I have subjected this to the GH builds and my local MinGW test, and all succeeded. Backporting to 2.6 was not fully automatic, had to manually skip the patch to test_pkcs11.c (which does not exist in 2.6).

Your patch has been applied to the master and release/2.6 branch.

commit 2671dcb69837ae58b3303f11c1b6ba4cee8eea00 (master)
commit ebfa5f3811e92863a3bbcc53b7a3f1b29dff1bc1 (release/2.6)
Author: Selva Nair
Date:   Sun Oct 1 13:49:20 2023 -0400

     Log OpenSSL errors on failure to set certificate

     Signed-off-by: Selva Nair <selva.n...@gmail.com>
     Acked-by: Arne Schwabe <a...@rfc2549.org>
     Message-Id: <20231001174920.54154-1-selva.n...@gmail.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27122.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>

--
kind regards,

Gert Doering