I've done a quick read over ssl_common.h to be sure the indexes are
valid, and fed this to a light test run (client-side only, for the
start). Looks good, passes.
I can see why Antonio grumbles, but then, ensuring stuff is in a really
well-known state if we suspect it might not always be is a valid line
of defense.
Your patch has been applied to the master and release/2.6 branch.
commit 4cf7409e82580f2890c391372d60ed713ba4650c (master)
commit 5c26918f482f21484527f4b065818863c459b226 (release/2.6)
Author: Arne Schwabe
Date: Tue Dec 13 23:54:30 2022 +0100
Set DCO_NOT_INSTALLED also for keys not in the get_key_scan range
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Acked-by: Antonio Quartulli <anto...@openvpn.net>
Message-Id: <20221213225430.1892940-3-a...@rfc2549.org>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25681.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
