On 10/04/2019 17:58, Selva Nair wrote:
>
> As I replied to the openssl-users list[*], pkcs11-helper only supports PKCS1
> signatures, not raw signature needed in this case.
>
> We have to either patch pkcs11-helper or switch to something else.

It would be wonderful to switch it for something else. Unfortunately, it does a lot of gluing between the lower-level operations (similarly available via p11-kit) and the interfaces implemented in OpenVPN are fairly high-level. So this "glue code" which pkcs11-helper is, is not that trivial and last time I checked the alternatives were scarce :(

Is this a Windows only issue? Or is it present on other platforms as well?

If it's Windows only, I think we can get around it by patching it and ensuring upstream is aware of this. But if it is more platforms, patching pkcs11-helper gets nasty quickly.

--
kind regards,

David Sommerseth
OpenVPN Inc
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel