Hi, I see the granularity of your patch set as "not right":
On Sun, May 24, 2020 at 01:33:22PM -0700, James Bottomley wrote: > Testing engines is problematic, so one of the prerequisites built for > the tests is a simple openssl engine that reads a non-standard PEM > guarded key. The test is simply can we run a client/server > configuration with the usual sample key replaced by an engine key. > The trivial engine prints out some operations and we check for these > in the log to make sure the engine was used to load the key and that > it correctly got the password. This patch says "add unit tests", but it contains changes to configure.ac and OpenVPN code > configure.ac | 5 + > src/openvpn/crypto_openssl.c | 1 + These two hunks should go to the first patch. Every patch should be fully testable on its own - so if I apply only the first hunk, I should be able to use and test engine keys, without having to apply the "add a unit test" patch set. > diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c > index a7569623..34637ebf 100644 > --- a/src/openvpn/crypto_openssl.c > +++ b/src/openvpn/crypto_openssl.c > @@ -92,6 +92,7 @@ setup_engine(const char *engine) > { > ENGINE *e = NULL; > > + OPENSSL_config(NULL); > ENGINE_load_builtin_engines(); > > if (engine) For that change, I wonder what side effects it might have on existing setups. Arne, can you help? Is this "safe"? gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel