Thanks,
I tried this one and client wasn't able to connect:
OpenSSL: error:14201076:SSL routines:tls_choose_sigalg:no suitable
signature algorithm
So it looks like config loading works.
The binaries for V4 could be found here:
https://github.com/lstipakov/openvpn/actions/runs/1496339867
Hi,
On Tue, Nov 23, 2021 at 1:37 PM Lev Stipakov wrote:
> I don't have a setup to properly test it, like actually loading the
> config - I only checked that the openvpn.exe attempted to access
> openssl.cnf at the correct location.
>
> If someone wants to test - binary artifacts could be found
On Tue, Nov 23, 2021 at 1:46 PM Gert Doering wrote:
> Hi,
>
> On Fri, Nov 19, 2021 at 02:53:06AM +0200, Lev Stipakov wrote:
> > +if ((install_path[wcslen(install_path) - 1]) == L'\\')
> > +{
> > +install_path[wcslen(install_path) - 1] = L'\0';
> > +}
> > +
> > +WCHAR
Hi,
On Fri, Nov 19, 2021 at 02:53:06AM +0200, Lev Stipakov wrote:
> +if ((install_path[wcslen(install_path) - 1]) == L'\\')
> +{
> +install_path[wcslen(install_path) - 1] = L'\0';
> +}
> +
> +WCHAR openssl_cnf[MAX_PATH] = {0};
> +WCHAR openssl_engines[MAX_PATH] = {0};
I don't have a setup to properly test it, like actually loading the
config - I only checked that the openvpn.exe attempted to access
openssl.cnf at the correct location.
If someone wants to test - binary artifacts could be found here:
https://github.com/lstipakov/openvpn/actions/runs/1496114596
From: Lev Stipakov
Commits
- 92535b6 ("contrib/vcpkg-ports: add openssl port with --no-autoload-config
option set (CVE-2121-3606)")
- 447cfb4 ("crypto_openssl.c: disable explicit initialization on Windows
(CVE-2121-3606)")
disabled OpenSSL config loading functionality, which could be