> Ondra Medek wrote:
>> Hi,
>>
>> I've made easy-rsa 2.0 support for PKCS#11 (it makes a certificate from a
>> token). If you are interested, then it is at
>>
>
> Hello,
>
> Thank you for your patch.
>
> In my view it lacks the following features:
> 1. Allow the user to specify his own PKCS#11 library.
> 2. Generate a new key.

This is wide outside of the OpenVPN usage. It is to be implemented in a PKCS#11 (key) management tool but NOT in a VPN daemon.

> 3. Load the X.509 certificate into the token.

And this too has nothing to do with the functionality of a VPN daemon.

Please: KISS. Keep It Simple and Save. OpenVPN is a small tool to do VPN tunneling. Stuffing not related functionality that seems fancy into it leads to bloatware.

Bye
Goetz