On 10/09/2007, Alon Bar-Lev <alon.bar...@gmail.com> wrote: > You can always provide your own management interface program that > supply static PIN. No need to change anything in OpenVPN.
Yes, that is what I am doing at the moment. Still, I feel that it would be more reliable, less error prone and, yes, more secure to do it via config file. The argument that you could use the management interface holds true for the passphrase for normal certificates as well, still, after some discussion, the OpenVPN team decided to offer the option with the safety guard of it being a compile time option. I can, of course, not force anyone's hand and make them code or agree to anything, nor would I want to do so even if I could. Still, I would want to ask you _why_ you think this is a bad idea, especially in light of exactly the same thing being available for the established certificate storage system. Best regards, Richard
