On Fri, 9 Jul 2004, James Yonan wrote:
James, could you consider adding pkcs #12 support in OpenVPN in the
future, or would that require to much work?
It would simplify if you only had to specify one file containing your
private key, your public key and the CA cert.
I think especially about when using a GUI to create a config for you, it
would be much easier for the user having to browse for only one file
instead of three.
Does OpenSSL provide pkcs #12 support? If it did, OpenVPN's init_ssl
function in ssl.c would be the place to patch to add the support.
I've done my homework now! No, OpenSSL does not nativly support loading a
.p12 file from SSL_CTX_use_PrivateKey_file(). You need to first load it
into a PKCS12 structure and parse it with PKCS12_parse(). Then you can
hand it over to openssl with SSL_CTX_use_PrivateKey() and
Found some info regarding this on openssl mail-list:
It doesn't sound to hard. Is it something you would consider implementing
James, or does it have really low priority?
I'd like to see this implemented, though I'm fairly busy right now with
finalizing 2.0. Feel free to send me a patch though.
If anyone followed this thread on openvpn-users, I'd just like to say that
I posted a patch which adds PKCS #12 support to OpenVPN 2.0_beta7 on
openvpn-devel a few hours ago. You can get it from here to:
Mathias Sundman (^) ASCII Ribbon Campaign
NILINGS AB X NO HTML/RTF in e-mail
Tel: +46-(0)8-666 32 28 / \ NO Word docs in e-mail
Openvpn-users mailing list