Am 12.12.15 um 23:37 schrieb Jonathan K. Bullard: > Hi. > > On Sat, Dec 12, 2015 at 5:23 PM, Arne Schwabe <a...@rfc2549.org> wrote: >> Might not really be related to this but have looked into the work that >> provides the certificates and keys via the managment console? We have >> even have a contrib program that gets certificates from the Mac OS X >> keychain and provides them to OpenVPN. > > Thanks, but I think that should be a separate discussion. That would > work for some situations, but the keychain (actually, OS X has several > keychains) may not be accessible to OpenVPN; files are always > accessible, even before a user is logged in. And I don't think (I'm > doing this from memory, so I might be wrong) that the Keychain patch > allows **all** of the encryption info to be taken from the keychain: I > don't think it allows --secret, --ta, etc.
Yes. But the only reason that --secrect, --ta? etc. is not implmented yet is that nobody needed it so far. Arne
