openvpn icon indicating copy to clipboard operation
openvpn copied to clipboard
verified publisher icon OpenVPN

ENABLE_X509ALTUSERNAME

Open cron2 opened this issue 1 month ago • 3 comments

Working on https://gerrit.openvpn.net/c/openvpn/+/1388 I came across ENABLE_X509ALTUSERNAME which seems to be off-by-default, and I guess, not very well tested...

This issue is about deciding what to do with it - add test environments that turn it on and excercise it, make it on-by-default, make it unconditionally-on, or rip it out...

cron2 avatar Nov 27 '25 10:11 cron2

Well since we unconditionally enable it in CMAKE when OpenSSL is used it is always on when running Windows binaries.

schwabe avatar Nov 27 '25 11:11 schwabe

default compile (with openssl)

$ size src/openvpn/openvpn
   text    data     bss     dec     hex filename
 970975   10560    1768  983303   f0107 src/openvpn/openvpn

with configure --enable-x509-alt-username:

$ size src/openvpn/openvpn
   text    data     bss     dec     hex filename
 970660   10568    1768  982996   effd4 src/openvpn/openvpn

which is a bit surprising - the resulting executable is smaller?! - so I guess we should just turn this on unconditionally :-)

cron2 avatar Dec 12 '25 14:12 cron2

http://gerrit.openvpn.net/c/openvpn/+/1442 remove ENABLE_X509ALTUSERNAME conditional [NEW]

cron2 avatar Dec 15 '25 12:12 cron2