On 26/07/17 10:02, David Woodhouse wrote: [...snip...] > > Well yes, that's true. But it's more likely that I'll finally get round > to porting OpenVPN to something other than pkcs11-helper before that > happens, unfortunately.
TL;DR: If you or anyone else have a chance to look into this, we will appreciate that effort enormously! Just grab us on ML or the #openvpn-devel IRC channel (FreeNode) and we can discuss it further. Steffan and I discussed what is needed to be done to port p11-kit awhile ago; we're also not too happy about the pkcs11-helper dependency. If we had only had support for one SSL library, it probably would have been somewhat simpler. But as we strive hard to have both mbed TLS and OpenSSL builds to be fairly feature comparable (from an OpenVPN perspective), this gets a bit more challenging. IIRC, one of the more challenging parts here is to get p11-kit to play nicely along with mbed TLS. We are concerned that there are some need to also adopt mbed TLS to support p11-kit. However, I quite recently heard some rumours that mbed TLS provides some API for offloading sign and decrypt operations outside of the library; that needs to be investigated further and to consider if this is a better way for the integration. -- kind regards, David Sommerseth OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
