Hi,

On Thu, Sep 19, 2013 at 12:47:27PM +0200, [email protected] wrote:
> From: Joachim Schipper <[email protected]>
>
> OpenSSL's tls_ctx_load_cert_file() had a parameter in which a copy of the
> context's certificate chain was stored on return, used by
> tls_ctx_use_external_private_key() only and free()d immediately thereafter.
>
> PolarSSL also supported this output parameter, but returned a pointer to the
> context's certificate chain (rather than to a copy of the certificate, as
> OpenSSL does) - which meant that we would have to #ifdef the free().
>
> PolarSSL cannot make a copy of a certificate chain, and OpenSSL cannot store a
> pointer to (instead of a copy of) the cert.
>
> So remove the output parameter from tls_ctx_load_cert_file() and incorporate
> the needed functionality directly into tls_ctx_use_external_private_key()
> (which is straightforward for both OpenSSL and PolarSSL, as long as you don't
> try to support both at once.)

While I'm sure this works all nice and dandy for PolarSSL builds, it
blows up for me for OpenSSL builds (in master)...

ssl_openssl.o: In function `tls_ctx_load_cert_file':
/rhome/gert/src/openvpn-maint/test-build-master/src/openvpn/../../../openvpn/src/openvpn/ssl_openssl.c:537:
undefined reference to `tls_ctx_load_cert_file_ext'
ssl_openssl.o: In function `tls_ctx_use_external_private_key':
/rhome/gert/src/openvpn-maint/test-build-master/src/openvpn/../../../openvpn/src/openvpn/ssl_openssl.c:687:
undefined reference to `tls_ctx_load_cert_file_ext'
collect2: ld returned 1 exit status

This is on a gentoo installation with openssl 1.0.1c - does it need
a more recent version? Is this based on other patches that we've not
seen yet?

(I'd NAK it, but since it's in and pushed - should have done a test-build
myself, instead of just relying on the buildslaves - could you please
send a fix?)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany [email protected]
fax: +49-89-35655025 [email protected]
