mirror of https://github.com/OpenVPN/openvpn.git synced 2024-09-20 12:02:28 +02:00
4 Commits

Author SHA1 Message Date
Lev Stipakov
cac1ebd859 vcpkg: link lzo statically
Having .dll for a single executable doesn't make
much sense. Static linking removes 117kb .dll
and grows .exe size by only 4kb.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20220216134227.147-1-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23807.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2022-02-17 15:57:12 +01:00
Lev Stipakov
23e6aaef14 Load OpenSSL config on Windows from trusted location
Commits

 - 92535b6 ("contrib/vcpkg-ports: add openssl port with
             --no-autoload-config option set (CVE-2121-3606)")
 - 447cfb4 ("crypto_openssl.c: disable explicit initialization on Windows
             (CVE-2121-3606)")

disabled OpenSSL config loading functionality, which could be
exploited by loading config from untrusted locations.

This feature might be useful for some users. This brings it back
and sets OpenSSL environment variables

 OPENSSL_CONF, OPENSSL_ENGINES, OPENSSL_MODULES

which are used to load config, engines and modules, to a trusted location.
The location is constructed based on installation path, read from registry
on startup.
If installation path cannot be read, Windows\System32 is used as a
fallback.

While on it, remove unused "bool impersonate_as_system();" declaration.

Trac: #1296

Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Selva Nair <selva.nair@gmail.com>
Message-Id: <20211119015548.687-1-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23248.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-11-24 10:46:38 +01:00
Lev Stipakov
7e33127d56 contrib/vcpkg-ports: remove openssl port
MSFT has merged PR to vcpkg which
added OPENSSL_NO_AUTOLOAD_CONFIG option

  https://github.com/microsoft/vcpkg/pull/18389

This means that we don't need to have our own openssl port
and instead we just add

  set(OPENSSL_NO_AUTOLOAD_CONFIG ON)

to our custom triplets.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210628080832.510-1-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22616.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-08-01 19:08:00 +02:00
Lev Stipakov
56f775fe9d msvc: standalone building
This finally enables standalone MSVC building, without
dependency on openvpn-build/msvc. This makes MSVC build
process much simpler.

Dependencies are managed by vcpkg. To install dependencies, run:

  > vcpkg --overlay-ports=<openvpn>\contrib\vcpkg-ports
          --overlay-triplets=<openvpn>\contrib\vcpkg-triplets install
          lz4:x64-windows-ovpn lzo:x64-windows-ovpn
          openssl-windows:x64-windows-ovpn pkcs11-helper:x64-windows-ovpn
          tap-windows6:x64-windows-ovpn

To build for other arch, use x86-windows-ovpn or arm64-windows-ovpn.
Custom triplets are defined so that lz4 is linked statically and
other libraries dynamically.

Since we don't have CMake support yet, we cannot use vcpkg manifest
mode, since it doesn't work with overlay ports
(https://github.com/microsoft/vcpkg/issues/12289),
therefore this one-time manual dependency installation is required.

While on it, bump msvc-generate project target version to VS2019 and
clean up leftovers from compat.vcxproj.filters.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210514045704.686-1-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22389.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2021-06-15 10:52:51 +02:00