Document the usage of --daemon in the openvpn rc script
Hardcoding --daemon is necessary so that openvpn goes into the
background by default, whatever the admin sets in openvpn_flags or their
config file. So document how to pass an optional argument to --daemon,
which is mainly useful when you're running multiple instances (eg IPv4
vs IPv6 and/or UDP vs TCP).
Since there's another ambiguity in the cli arguments parsing,
explicitely tell users to use --config before the config file. Setting
only "openvpn_flags=/config/file" in rc.conf.local cannot work because
the file name would be misinterpreted as the optional argument
to --daemon.
Ambiguity pointed out by and argued with kn@ who proposed a different
approach.
"I think that's fine" sthen@
Remove last internal use of ASN1_STRING_data()
PKCS5_pbe_set0_algor() is no longer public, but its parameters are
provided directly via public API, namely the wonderful PKCS8_encrypt()
and PKCS12_pack_p7encdata().
Muppetry abounds. To wit:
If saltlen < 0, the call to ASN1_STRING_set(pbe->salt, NULL, saltlen)
would error. Let's do that up front in a more obvious way. We don't
care about side-effects to pbe->salt since we free it on error anyway.
If saltlen == 0, we default it to PKCS5_PBE1_SALT_LEN. This is
particularly funky in case the caller passed in salt != NULL, in
which case we can only hope and pray this buffer is long enough.
If the caller passed a salt, copy it to pbe->salt via ASN1_STRING_set().
If there's no salt, allocate a buffer of the appropriate length, fill it
[9 lines not shown]
Reword Tuning for busy servers README-server section
The default kernel semmns limits are too low to work with
PostgreSQL 18. Reword the section to reflect that.
OK sthen@
