My mail got just bounced because it's too big so here it is again
without the patch ... I'll upload the patch to the SF patchmanager.

Hi guys,

I played around with OpenVPN on Fedora FC3 and Win2K and found it pretty
nice. Since I use the OpenSC (http://www.opensc.org) SmartCard framework
on both Win32 and Linux anyway, I wanted OpenVPN using it also ....

So here is a patch which adds OpenSC SmartCard support.
The patch is versus OpenVPN 2.0rc6 and is tested on both Linux (Fedora FC3)
and Win2K (built with VC6).

Some details and remarks:

Most of the stuff is in 4 new files:

opensc.c opensc.h - The basic OpenSC support, similar to win32 cryptoapi
support.

askphrase.c askphrase.h - A minimalistic GUI (native GDI on Win32, native
X11 on Unix) for several dialogs:
 - Requesting the user to insert his Card into the Reader (or an USB token
   or whatever OpenSC-supported device)
 - Asking for a PIN to access the SmartCard

The GUI can be built both as a standalone app as well as _builtin_ into
openvpn (which I prefer). On Win, the GUI is capable to interact with the
user even when it is running as a service. On Linux, it needs a DISPLAY
envvar to know where to connect and of course permission to connect to the
user's display. When built standalone it is something like openssh-askpass or
pinentry. Currently, calling it from within openvpn is not implemented
(would be similar like in openssh) but you can try it on a console.

Other (small) changes:

- Added an option for OpenSC: --opensc-cert
  argument is the cert-id as hex-string (just like in openssh)
- Added some code to tweak logfile permissions on Win32.
- Added some code to make running setuid on Linux working.
- Added a new subdir "win32" (with Visual Studio project files,
  resources, icons etc.)
- Added misc automake stuff for Linux

Notes:
 On Win32, the binary distribution of OpenSC is linked against a different
 openssl version. Since you cannot use 2 versions of the same DLL from
 within one binary, on Win32 one must rebuild OpenSC and/or OpenVPN linking
 against the same openssl lib.

 The icons for the win32 subdir cannot be in a patch - therefore separately
 attached.

I plan to build a more client-oriented multi-platform GUI (using wxWidgets)
which runs as a service on win32 (making openvpnserv.exe unnecessary)
and uses probably management IF on Unix (should be extended to use
Unix-Sockets). I also have an InnoSetup based Installer here (I don't like
nsis) just in case someone is interested.

Well, for now that's all ... awaiting your comments / discussion ..

- Fritz

--
Fritz Elfert <fritz.elf...@millenux.com>                     Millenux GmbH
Lilienthalstr. 2                                  Phone: +49 711 88770 300
70825 Stuttgart                                     FAX: +49 711 88770 349
--------------------------------------------------------------------------
