Hi,
On Mon, Nov 22, 2021 at 3:27 PM Lev Stipakov <lstipa...@gmail.com> wrote:
> Hi,
>
> I added
>
> _putenv("OPENSSL_CONF=c:\\Temp\\lol.conf");
>
> to openvpn_main() and see
>
> 22:01:38,9512311 openvpn.exe 27668 CreateFile C:\Temp\lol.conf
> NAME NOT FOUND
>
> in procmon. So would it be enough to set config/engines/modules paths
> as env variables for openvpn and gui? OTOH we also ship openssl.exe,
> which is used by easyrsa?
>
I would be a bit wary of distributing OpenSSL libs with "unsafe" built-in
paths, so probably we may still need to get some good defaults in the
build. My concern is that even C:\Program Files\...\ is probably not safe
enough -- I see that curl developers had the same thought.
https://github.com/openssl/openssl/issues/9520#issuecomment-913562621
Not sure how they solved it. I think they cross-build using mingw which is
much easier to handle.
I think setting env vars would give us extra protection as we can detect
the actual location of Program Files or executable's path at run time.
Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
