diff options
author | Lev Stipakov | 2022-02-19 01:50:04 +0200 |
---|---|---|
committer | Gert Doering | 2022-03-17 13:59:40 +0100 |
commit | 2612125d7cf5e3c8687a3fab8fba61670ac12f35 (patch) | |
tree | 352394c6fad3f4f8b849693a30dbe57ac8ac35d0 /src/openvpn/crypto_openssl.c | |
parent | 7a50f5f633ca179214d102806c582de9a076ec8a (diff) | |
download | openvpn-2612125d7cf5e3c8687a3fab8fba61670ac12f35.zip openvpn-2612125d7cf5e3c8687a3fab8fba61670ac12f35.tar.gz |
msvc: adjust build options to harden binaries
- enable hardware-enforced stack protection on
compatible hardware/software (/CETCOMPAT linker option)
- hash object files with SHA256 (/ZH:SHA_256 compiler option)
- enable SDL. The required to add
_CRT_NONSTDC_NO_DEPRECATE
_CRT_SECURE_NO_WARNINGS
_WINSOCK_DEPRECATED_NO_WARNINGS
preprocessor definitions. I don't feel like replacing strdup (which is
correct POSIX function) and inet_ntoa (we always pass IPv4 address to
it, inet_ntop will make code more complex)
Above issues were discovered by bitskim.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20220218235004.269-1-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23851.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'src/openvpn/crypto_openssl.c')
-rw-r--r-- | src/openvpn/crypto_openssl.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 1c99db0..e553ee6 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -62,6 +62,11 @@ #error Windows build with OPENSSL_NO_EC: disabling EC key is not supported. #endif +#ifdef _MSC_VER +/* mute ossl3 deprecation warnings treated as errors in msvc */ +#pragma warning(disable: 4996) +#endif + /* * Check for key size creepage. */ |