Hello,

This patch enables openvpn to access PKCS#11 cryptographic tokens. It is based on the opensc patch that was posted earlier (http://sourceforge.net/tracker/index.php?func=detail&aid=1114521&group_id=48978&atid=454721).

This patch was tested under Linux. It was tested with the opensc PKCS#11 provider. Since it works with the opensc provider and the PKCS#11 standard is much more common, it makes the opensc patch obsolete.

This patch compiles under Windows, but was not tested. I will be glad if somebody will test it under Windows as well.

The patch is capable of using several PKCS#11 providers at the same time.

The following options were added:
--pkcs11-providers provider... - Loads a PKCS#11 provider.
--pkcs11-sign-mode - How to perform signature.
--pkcs11-slot-type - Specifies how to locate correct slot.
--pkcs11-slot - Specifies slot name.
--pkcs11-id-type - Specifies how to find certificate and key.
--pkcs11-id - Specifies certificate and key name.

The following standalone options were added:
--show-pkcs11-slots - Displays PKCS#11 slots.
--show-pkcs11-objects - Displays PKCS#11 token contents.

Please refer to the man page for further information.

The patch can be found at http://sourceforge.net/tracker/index.php?func=detail&aid=1293066&group_id=48978&atid=454721

Any comments/suggestions will be gladly accepted (mailto:alon.bar...@gmail.com).

Special thanks to:
Fritz Elfert - Wrote the original patch.
Iván Casado Ruiz - Updated original patch and helped in testing this one.

Best Regards,
Alon Bar-Lev.
