Hi, On Thu, Jun 17, 2021 at 11:25:02AM -0400, Selva Nair wrote: > This would make it impossible to use openssl.cnf on Windows, wouldn't it? I > use configuraton file to restrict signature algorithms, for example. There > are other uses like configuring engines.
Right.
> Instead of disabling, why not make the default path a restricted location
> within, say, C:\Windows. The user can then override it using env variables.
This is what we tried to achieve, but Lev could not find a way to make
the MSVC build behave wrt "new ETCDIR". I have not personally investigated.
So we decided to release 2.5.3 soonish, with "disable openssl.cnf" to
cover the problem reported, and then see if we can get to a better fix
incrementally (while a "secured" binary is out for users to run).
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
