I'd like to know whether the mbedtls FLAVOR can also use
pkcs11-helper.  Seems to work just fine with ''openvpn
--show-pkcs11-ids'' but this is no actual test.

Klemens: could you please test the mbedtls FLAVOR for your use case?

Bjorn, do you see a drawback with enabling pkcs11 support?  The
resulting openvpn--mbedtls binary becomes directly linked to
libcrypto, but:
- libcrypto is pulled in through libpkcs11-helper-1.pc; openvpn itself
  doesn't start using libcrypto
- mbedtls and libcrypto shouldn't conflict

Input and oks welcome.


Index: Makefile
===================================================================
RCS file: /cvs/ports/net/openvpn/Makefile,v
diff -u -p -r1.131 Makefile
--- Makefile    2 Jan 2025 17:25:13 -0000       1.131
+++ Makefile    2 Jan 2025 22:59:20 -0000
@@ -1,7 +1,7 @@
 COMMENT=       easy-to-use, robust, and highly configurable VPN
 
 DISTNAME=      openvpn-2.6.12
-REVISION=      0
+REVISION=      1
 
 CATEGORIES=    net security
 
@@ -12,20 +12,24 @@ MAINTAINER= Jeremie Courreges-Anglas <jc
 # GPLv2 only
 PERMIT_PACKAGE=        Yes
 
-WANTLIB += c lz4 lzo2
+WANTLIB += c crypto lz4 lzo2 pkcs11-helper
 
 SITES=         https://swupdate.openvpn.org/community/releases/
 
-BUILD_DEPENDS= textproc/py-docutils
+# ensure 'pkcs11-providers .../p11-kit-proxy.so' as default
+BUILD_DEPENDS+=        security/p11-kit
+BUILD_DEPENDS+=        textproc/py-docutils
 LIB_DEPENDS=   archivers/lzo2 \
                archivers/lz4
+LIB_DEPENDS+=  security/pkcs11-helper
 TEST_DEPENDS=  devel/cmocka
 
 CONFIGURE_STYLE= gnu
 
 CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
                LDFLAGS="-L${LOCALBASE}/lib ${LDFLAGS}"
-CONFIGURE_ARGS+=--with-openssl-engine=no
+CONFIGURE_ARGS+=--enable-pkcs11 \
+               --with-openssl-engine=no
 
 DEBUG_PACKAGES=        ${BUILD_PACKAGES}
 
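Review bot: The now-unconditional `WANTLIB += c crypto lz4 lzo2 pkcs11-helper` line has no comment explaining why `crypto` is listed for the mbedtls FLAVOR too, so anyone auditing which crypto libraries that binary loads may take it for a mistake. I would add above it `# crypto: required by pkcs11-helper, also in the mbedtls FLAVOR`. The comment moved above `BUILD_DEPENDS+= security/p11-kit` could also state that p11-kit is needed only at build time, presumably so configure can record the default `pkcs11-providers` path. If that is the intent, the provider module is not guaranteed to be installed at run time, and the comment should say so, e.g. `# build-only: lets configure default pkcs11-providers to p11-kit-proxy.so; install p11-kit to use it`.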
@@ -37,11 +41,7 @@ LIB_DEPENDS+=        security/polarssl
 CONFIGURE_ARGS+= --with-crypto-library=mbedtls
 WANTLIB += mbedcrypto mbedtls mbedx509 pthread
 .else
-# ensure 'pkcs11-providers .../p11-kit-proxy.so' as default
-BUILD_DEPENDS+=        security/p11-kit
-LIB_DEPENDS+=  security/pkcs11-helper
-CONFIGURE_ARGS+= --enable-pkcs11
-WANTLIB += crypto pkcs11-helper ssl
+WANTLIB += ssl
 .endif
 
 SAMPLES_DIR=   ${PREFIX}/share/examples/openvpn

-- 
jca
