aboutsummaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorLev Stipakov2021-06-17 09:12:26 +0300
committerGert Doering2021-06-17 10:39:29 +0200
commitabd5ee9b7dc4ba85438da5d16bb7dfb31714dac7 (patch)
tree19a08fb2c8488e4e48a116f6e0e1b44f2c626135 /tests
parent063d55afeea723fc6df0af29a19df257a8ab6920 (diff)
downloadopenvpn-abd5ee9b7dc4ba85438da5d16bb7dfb31714dac7.zip
openvpn-abd5ee9b7dc4ba85438da5d16bb7dfb31714dac7.tar.gz
crypto_openssl.c: disable explicit initialization on Windows (CVE-2121-3606)
Commit a4071b ("crypto_openssl: add initialization to pick up local configuration") added openssl initialization to load configuration file. However on Windows this file is loaded from user-writable directory, such as c:\etc\ssl for mingw builds and (for example) c:\vcpkg\packages\openssl_x64-windows\openvpn.cnf for vcpkg builds. This could be a security risk. CVE-2121-3606 has been assigned to acknowledge this risk. Since aforementioned commit implements a niche feature which might be better solved with CryptoAPI on Windows, make this code conditional (for now). CVE: 2121-3606 Signed-off-by: Lev Stipakov <lev@openvpn.net> Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <20210617061226.244-1-lstipakov@gmail.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22568.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
Diffstat (limited to 'tests')
0 files changed, 0 insertions, 0 deletions