Re: [Openvpn-devel] [PATCH applied] Re: Enable signing via provider for management-external-key

Selva Nair Thu, 20 Jan 2022 08:34:17 -0800

Hi,

On Thu, Jan 20, 2022 at 10:18 AM Gert Doering <g...@greenie.muc.de> wrote:


> Compile and client tested on 1.1.1 and 3.0.1.
>
> Glancing at the code related to management_external_key() does
> not make me very happy... too many build time variants.


"Happiness" is never a word that comes to mind while reading OpenVPN code :)
...

Even at our snail's pace, 2.7 may be out before we can break free of
OpenSSL 1, LibreSSL xyz etc. An option may be to require OpenSSL 3+ or
similar for external keys, or at least for management-external-key.

That feature is really used by only a few platforms (only Android for
now?). Although it's a nifty option that could potentially be leveraged to
remove pkcs11-helper, CNG etc out of OpenVPN core.

Selva

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Re: [Openvpn-devel] [PATCH applied] Re: Enable signing via provider for management-external-key

Reply via email to