[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] PKCS #12 support in OpenVPN

  • Subject: Re: [Openvpn-users] PKCS #12 support in OpenVPN
  • From: Mathias Sundman <mathias@xxxxxxxxxx>
  • Date: Sat, 10 Jul 2004 21:21:17 +0200 (CEST)

On Fri, 9 Jul 2004, James Yonan wrote:

James, could you consider adding pkcs #12 support in OpenVPN in the
future, or would that require to much work?

It would simplify if you only had to specify one file containing your
private key, your public key and the CA cert.

I think especially about when using a GUI to create a config for you, it
would be much easier for the user having to browse for only one file
instead of three.

Does OpenSSL provide pkcs #12 support? If it did, OpenVPN's init_ssl function in ssl.c would be the place to patch to add the support.

I've done my homework now! No, OpenSSL does not nativly support loading a .p12 file from SSL_CTX_use_PrivateKey_file(). You need to first load it into a PKCS12 structure and parse it with PKCS12_parse(). Then you can hand it over to openssl with SSL_CTX_use_PrivateKey() and SSL_CTX_use_certificate().

Found some info regarding this on openssl mail-list:


It doesn't sound to hard. Is it something you would consider implementing
James, or does it have really low priority?

I'd like to see this implemented, though I'm fairly busy right now with finalizing 2.0. Feel free to send me a patch though.

If anyone followed this thread on openvpn-users, I'd just like to say that I posted a patch which adds PKCS #12 support to OpenVPN 2.0_beta7 on openvpn-devel a few hours ago. You can get it from here to:


Mathias Sundman                  (^)   ASCII Ribbon Campaign
NILINGS AB                        X    NO HTML/RTF in e-mail
Tel: +46-(0)8-666 32 28          / \   NO Word docs in e-mail

Openvpn-users mailing list