Hello David,

Please also work to document this commit (management-notes, man).
It is an extremely important feature, for example it can be used to move the whole smartcard interaction to the UI.

This feature should be extended to provide an X.509 certificate as well, it is incomplete without this.

Alon

---

commit cf69617bbea45a15423c4188daa9386debcbe1ec
Author: James Yonan <ja...@openvpn.net>
List-Post: openvpn-devel@lists.sourceforge.net
Date:   Thu Dec 9 11:21:04 2010 +0000

    Added "management-external-key" option.  This option can be used
    instead of "key" in client mode, and allows the client to run
    without the need to load the actual private key.  When the SSL
    protocol needs to perform an RSA sign operation, the data to be
    signed will be sent to the management interface via a notification
    as follows:

    >RSA_SIGN:[BASE64_DATA]

    The management interface client should then sign BASE64_DATA
    using the private key and return the signature as follows:

    rsa-sig
    [BASE64_SIG_LINE]
    .
    .
    .
    END

    This capability is intended to allow the use of arbitrary
    cryptographic service providers with OpenVPN via the management
    interface.
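
The exchange described in the commit message, as an added example that is not code from OpenVPN or from this thread: a management client turns a `>RSA_SIGN:` notification into an `rsa-sig` ... `END` reply, and the receiving side reassembles and checks it. All function names are hypothetical, and the throwaway key, the PKCS#1 v1.5 padding without hashing, and the 64-character line width are assumptions of the example.

```python
import base64

# Constructed demo key from two Mersenne primes: trivially factorable, it only
# stands in for a key held by a smartcard or other provider.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, used only by toy_sign
K = (N.bit_length() + 7) // 8       # modulus length in bytes (81)

def toy_sign(data: bytes) -> bytes:
    """Assumed scheme: PKCS#1 v1.5 type-1 padding, then raw RSA, no hashing."""
    if len(data) > K - 11:
        raise ValueError("data too long for this modulus")
    em = b"\x00\x01" + b"\xff" * (K - 3 - len(data)) + b"\x00" + data
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def toy_recover(sig: bytes) -> bytes:
    """Public-key side: undo the RSA operation and strip the padding."""
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep].strip(b"\xff"):
        raise ValueError("bad padding")
    return em[sep + 1:]

def handle_notification(line: str, signer, width: int = 64):
    """Return the reply lines for a >RSA_SIGN notification, else None."""
    prefix = ">RSA_SIGN:"
    if not line.startswith(prefix):
        return None
    data = base64.b64decode(line[len(prefix):].strip(), validate=True)
    sig = base64.b64encode(signer(data)).decode("ascii")
    # The 64-character line width is an assumption of this example.
    body = [sig[i:i + width] for i in range(0, len(sig), width)]
    return ["rsa-sig", *body, "END"]

def parse_reply(lines):
    """Daemon-side view: reassemble the signature from an rsa-sig reply."""
    if len(lines) < 3 or lines[0] != "rsa-sig" or lines[-1] != "END":
        raise ValueError("malformed rsa-sig reply")
    return base64.b64decode("".join(lines[1:-1]), validate=True)

if __name__ == "__main__":
    digest = bytes(range(36))  # constructed 36-byte stand-in for the data to sign
    note = ">RSA_SIGN:" + base64.b64encode(digest).decode("ascii")
    reply = handle_notification(note, toy_sign)
    print("\n".join(reply))
    assert toy_recover(parse_reply(reply)) == digest
```

In a real deployment `toy_sign` is replaced by a call into the token or provider, so the private key never enters the OpenVPN process or the management client's own memory.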