mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 12:02:28 +02:00
84d5079b0f
In default configuration OpenSSL loads config from certain location on disk, for example c:\vcpkg\packages\openssl_x64-windows\openvpn.cnf which may pose a security risk. There is "no-autoload-config" config option for OpenSSL which disables this functionality: https://github.com/openssl/openssl/pull/5959 however it is not "exported" to vcpkg. This adds openssl port overlay which sets "no-autoload-config" config option. Here is the diff (indented with "!" to avoid confusing "git am"): ! diff --git a/ports/openssl/windows/portfile.cmake ! b/ports/openssl/windows/portfile.cmake ! index 7a3bf08ed..c873eb756 100644 ! --- a/ports/openssl/windows/portfile.cmake ! +++ b/ports/openssl/windows/portfile.cmake ! @@ -21,6 +21,7 @@ set(CONFIGURE_OPTIONS ! enable-capieng ! no-ssl2 ! no-tests ! + no-autoload-config ! -utf-8 ! ${OPENSSL_SHARED} ! ) There is also corresponsing PR to vcpkg: https://github.com/microsoft/vcpkg/pull/18389 When above PR is merged, this port overlay can be removed. CVE: 2121-3606 Signed-off-by: Lev Stipakov <lev@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210617061259.297-1-lstipakov@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22569.html |
||
|---|---|---|
| .. | ||
| extract-crl | ||
| OCSP_check | ||
| openvpn-fwmarkroute-1.00 | ||
| pull-resolv-conf | ||
| vcpkg-ports | ||
| vcpkg-triplets | ||
| multilevel-init.patch | ||
| README | ||
This directory contains scripts and patches contributed by users.