[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-devel] PKCS#11 and easy-rsa

  • Subject: Re: [Openvpn-devel] PKCS#11 and easy-rsa
  • From: Ondra Medek <ondrejm@xxxxxxxxxx>
  • Date: Fri, 30 Dec 2005 18:26:13 +0100


> In my view it lacks the following features:
> 1. Allow the user to specify his own PKCS#11 library.
> 2. Generate a new key.
> 3. Load the X.509 certificate into the token.
> Now when I think of it, issue#1 can be solved by a symbolic 
> link, you can have the configuration point to a local 
> symbolic link that is linked by the script to the requested 
> provider.

maybe LD_PRELOAD is another possibility ...

> And when I look at the new version of opensc (0.10.0) I see 
> that they improved their pkcs11-tool significantly, so that 
> maybe it can be used to generate keys and import certificate 
> for every provider now.
> Are you willing to adjust your implementation and fix these 
> issues? I will do it when I have some free time.

Yes, I already use pkcs11-tool for issue#2 and #3. I can try to do it.

Openvpn-devel mailing list