NB: Appearance to the contrary, this is not Windows specific, so please
read on :)

Hi,

In response to the GUI patch that adds support for pkcs11 token prompts
(see Trac 740: https://community.openvpn.net/openvpn/ticket/740), got a
detailed test report copied below.

Essentially, all good except if/when the token is physically removed during
the dialog. That results in repeated prompts for re-inserting the token
even if the user clicks cancel.

It appears this mis-behaviour is seen in command line usage as well, so it's
from openvpn core itself. Any idea how this could be fixed in openvpn or
pkcs11-helper library if that is the culprit?

As a short-term workaround we could have the GUI stop the openvpn process
on user pressing cancel in response to token insertion request. I would
like to avoid that if possible -- now we set --auth-retry to none and
expect openvpn not to retry private key password. That doesn't appear to
work in this case.

Selva

Test report by @bjoernv (Trac 740 comment 16)

I tested the latest PR again with a Yubikey 4 and OpenSC drivers. In the
following situations the new code works right:

   1. Yubikey 4 insert -> start account in OpenVPN GUI -> "Input
   Password/PIN for Token 'PIV_II (PIV Card holder pin)" dialog -> enter
   correct PIN -> OK
   2. Yubikey 4 insert -> start account in OpenVPN GUI -> "Input
   Password/PIN for Token 'PIV_II (PIV Card holder pin)" dialog -> Cancel ->
   Stop -> OK
   3. start account in OpenVPN GUI -> "Please insert PIV_II (PIV Card
   Holder pin) token" dialog -> Cancel -> Stop -> OK

In the following more exotic situation the program still runs in an endless
loop:

   1. Yubikey 4 insert -> start account in OpenVPN GUI -> "Input
   Password/PIN for Token 'PIV_II (PIV Card holder pin)" dialog -> remove
   Yubikey 4 -> enter correct or incorrect PIN -> "Please insert PIV_II (PIV
   Card Holder pin) token" dialog -> last dialog loops regardless if the user
   chooses OK or Cancel. The user still can press "Disconnect" on the log
   windows, if he is fast enough to close the session.
------------------------------------------------------------------------------
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
