[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-devel] PKCS#11 and easy-rsa


  • Subject: Re: [Openvpn-devel] PKCS#11 and easy-rsa
  • From: Ondra Medek <ondrejm@xxxxxxxxxx>
  • Date: Fri, 30 Dec 2005 18:26:13 +0100

Hi,


> In my view it lacks the following features:
> 1. Allow the user to specify his own PKCS#11 library.
> 2. Generate a new key.
> 3. Load the X.509 certificate into the token.
> 
> Now when I think of it, issue#1 can be solved by a symbolic 
> link, you can have the configuration point to a local 
> symbolic link that is linked by the script to the requested 
> provider.

maybe LD_PRELOAD is another possibility ...

> And when I look at the new version of opensc (0.10.0) I see 
> that they improved their pkcs11-tool significantly, so that 
> maybe it can be used to generate keys and import certificate 
> for every provider now.
> 
> Are you willing to adjust your implementation and fix these 
> issues? I will do it when I have some free time.


Yes, I already use pkcs11-tool for issue#2 and #3. I can try to do it.

____________________________________________
Openvpn-devel mailing list
Openvpn-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-devel