Re: [Openvpn-devel] [PATCH] Fix loading PKCS12 files on Windows
Hi, > > Those are merged into the "master" branch, but not into "released". We > > could probably include those into the next 2.5 release? Otherwise > > they'll be part of 2.6. > > "You tell me". The probable performance impact should be a less issue for master, which in most cases will use dco on Windows. For 2.5, let's conduct performance tests first. Balancing security with performance tradeoffs is a difficult task. -- -Lev ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Fix loading PKCS12 files on Windows
Hi, On Wed, Oct 06, 2021 at 03:40:55PM +0300, Lev Stipakov wrote: > > Does that mean that CFG and Spectre protection are already included? > > Those are merged into the "master" branch, but not into "released". We > could probably include those into the next 2.5 release? Otherwise > they'll be part of 2.6. "You tell me". It was not relevant before as we did not build 2.5 with MSVC (except for ARM). gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH] Fix loading PKCS12 files on Windows
Adding openvpn-devel. > Does that mean that CFG and Spectre protection are already included? Those are merged into the "master" branch, but not into "released". We could probably include those into the next 2.5 release? Otherwise they'll be part of 2.6. -Lev ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
[Openvpn-devel] [PATCH] Fix loading PKCS12 files on Windows
From: Lev Stipakov Starting from 2.5.4 we have switched to MSVC builds, including dependencies such as OpenSSL. When we link with natively-built OpenSSL .DLLs (not cross compiled with MinGW), we are expected to include applink.c, which provides glue between OpenSSL BIO layer and compiler run-time. This doesn't apply to ARM64. Failure to do that results in "no OPENSSL_Applink" fatal error when calling, for example, d2i_PKCS12_fp(), which we do when loading PKCS12 files. Signed-off-by: Lev Stipakov --- src/openvpn/ssl_openssl.c | 4 1 file changed, 4 insertions(+) diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c index 31d94f2b..27fb66aa 100644 --- a/src/openvpn/ssl_openssl.c +++ b/src/openvpn/ssl_openssl.c @@ -65,6 +65,10 @@ #include #endif +#if defined(_MSC_VER) && !defined(_M_ARM64) +#include +#endif + /* * Allocate space in SSL objects in which to store a struct tls_session * pointer back to parent. -- 2.23.0.windows.1 ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel