easyrsa_openssl: Replace variable 'has_config' with OPENSSL_CONF #987
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Variable 'has_config' was a way to minimize the need to fully expand the SSL config file (ENV:OPENSSL_CONF) for use by LibreSSL. IE. Only expand the SSL config file when the SSL command requires a config file. LibreSSL Always requires the config file to be expanded, even when it is Not used. OpenSSL Never requires the config file to be expanded. Changes follow. The first part: * Disable expanding the SSL config file for OpenSSL. * Require expanding the SSL config file for LibreSSL. LibreSSL will use the run-once mechanism to expand the SSL config file. The second part: Replace the use of SSL option '-config', by Always configuring the SSL environment variable OPENSSL_CONF to point to the Easy-RSA generated config file. This is supported by LibreSSL and OpenSSL. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
|
This could be a mainframe glitch but that test just shaved off over three seconds of the Linux test. And changed the Windows test from ~2mins to ~1min. Local testing showed a possible minuscule improvement, so maybe this has improved efficiency .. LibreSSL use remains the same, which is expected. |
Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
|
This change looks very invasive. Looks can be deceptive.. All this change does is to allow OpenSSL to use the Easy-RSA generated SSL config file, commonly known as LibreSSL use will continue to expand the SSL config file. And the SSL config file is ALWAYS configured via |
TinCanTech
added
LibreSSL
EasyRSA-OpenSSL-Config
openssl
Major Changes
|
I must thank the original author of Luiz, many thanks. |
This applies to all direct calls using EASYRSA_OPENSSL (Default: 'openssl'), which bypass using easyrsa_openssl() wrapper function. Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Variable 'has_config' was a way to minimize the need to fully expand the SSL config file (ENV:OPENSSL_CONF) for use by LibreSSL. IE. Only expand the SSL config file when the SSL command requires a config file.
LibreSSL Always requires the config file to be expanded, even when it is Not used.
OpenSSL Never requires the config file to be expanded.
Changes follow.
The first part:
LibreSSL will use the run-once mechanism to expand the SSL config file.
The second part:
Replace the use of SSL option '-config', by Always configuring the SSL environment variable OPENSSL_CONF to point to the Easy-RSA generated config file. This is supported by LibreSSL and OpenSSL.