Hi,

On Mon, Nov 22, 2021 at 12:20 PM Lev Stipakov <lstipa...@gmail.com> wrote:
> I added a commit to vcpkg/openssl PR
> (https://github.com/microsoft/vcpkg/pull/21540) which gives an option
> to customize ENGINESDIR. Unfortunately openssl doesn't make it easy -
> ENGINESDIR is built based on --prefix, which is set to vcpkg build
> dir. The prefix cannot be set to something like C:\SSL, because in
> this case vcpkg build would require an elevated prompt. So I had to
> patch the makefile template. Let's see if there are less hacky ways to
> do it.
>

A common practice for locally installing to a private path for development would be to do a "prefix relocation" using DESTDIR:

    make DESTDIR=/home/selva/openssl-pkg/ install

which will preserve the search paths compiled into the library. This will work for cross-compile on Linux even with drive letters in prefix, though awkward. But such an approach cannot work on Windows as "C:" cannot be embedded in Windows paths.

A hack could be to use paths without a drive letter, like prefix = "/Program Files/OpenVPN/" etc., and then use DESTDIR to relocate for the development installation. That relies on the Windows behaviour that paths starting with "/" resolve to "C:/" and depends on the value of "current drive", which is probably reliable. Otherwise patching as you propose may be the only way.

That said, how safe is this use of "C:/Program files/foo-bar" itself? Could it be vulnerable in localized Windows -- e.g., "C:/Program Files/" may not exist in some language versions and any user could then create one. If so, we may have to set "C:/Windows/System32/" or some such path as OPENSSLDIR, ENGINESDIR and MODULESDIR.

It's unfortunate that OpenSSL folks decided to use hard-coded values in the library for config location and dll search paths.

Given these difficulties, shall we (also) set env vars in OpenVPN.exe on startup so that OpenSSL config file and search paths will point to safe locations determined at run time (only if not already set by user) -- needed only for Windows as we do not distribute OpenSSL for other platforms. OpenSSL docs say what env vars are used to override built-in paths, I'll do some tests to be sure.

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
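
The startup step proposed in the message above, sketched in C as an added example (not code from the OpenVPN project or from the author of the message). OPENSSL_CONF, OPENSSL_ENGINES and OPENSSL_MODULES are the environment variables OpenSSL reads to override its built-in paths; the function names and the directory layout under `install_dir` are hypothetical, and the caller is assumed to determine `install_dir` at run time and call this before OpenSSL is initialized.

```c
#ifndef _WIN32
#define _POSIX_C_SOURCE 200112L   /* declares setenv() on POSIX systems */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Set NAME to VALUE unless it already has a non-empty value.
 * Returns 1 if set here, 0 if the existing value was kept, -1 on error. */
static int set_env_if_unset(const char *name, const char *value)
{
    const char *cur = getenv(name);
    if (cur != NULL && cur[0] != '\0')
        return 0;                       /* respect the user's setting */
#ifdef _WIN32
    return _putenv_s(name, value) == 0 ? 1 : -1;
#else
    return setenv(name, value, 1) == 0 ? 1 : -1;
#endif
}

/* Point OpenSSL's config file, engine and provider-module search paths
 * below install_dir. The "/ssl/..." layout is an assumption made for this
 * example. Returns the number of variables set, or -1 on error. */
int set_openssl_env_defaults(const char *install_dir)
{
    static const struct { const char *name, *suffix; } vars[] = {
        { "OPENSSL_CONF",    "/ssl/openssl.cnf" },
        { "OPENSSL_ENGINES", "/ssl/engines"     },
        { "OPENSSL_MODULES", "/ssl/modules"     },
    };
    char path[1024];
    int changed = 0;

    if (install_dir == NULL || install_dir[0] == '\0')
        return -1;
    for (size_t i = 0; i < sizeof(vars) / sizeof(vars[0]); i++) {
        int n = snprintf(path, sizeof(path), "%s%s", install_dir, vars[i].suffix);
        if (n < 0 || (size_t)n >= sizeof(path))
            return -1;                  /* never export a truncated path */
        int r = set_env_if_unset(vars[i].name, path);
        if (r < 0)
            return -1;
        changed += r;
    }
    return changed;
}
```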