Hi Mike,
Having this in a release depends on getting the PR merged upstream.
My patch for updating the API with signature parameters has been merged
into pkcs11-helper, so, in principle, we could now handle this in OpenVPN.
But that takes some effort.
Thanks for testing,
Selva
On Fri, Jul 30,
Hi,
Thanks, I finally got around to testing this with the current
version of OpenVPN from git and it works great on my
Aladdin/SafeNet/Gemalto/Thales token (model 510x).
Would be great if this was part of the default build/distribution.
I can now get TLS1.3 working using the pkcs11 interface.
Hi,
Currently RSA-PSS signatures are handled in pkcs11-helper by asking the
token to do a raw RSA signature of data already padded by OpenSSL. Many new
hardware tokens refuse to support this mode and require the padding to be
done in hardware.
For a recent user report see this thread:
https://www.m
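
The two signing paths described in the message above, sketched as an added example (not code from this thread, pkcs11-helper or OpenVPN). The `Token` class, the demo key built from two Mersenne primes, and the SHA-256 hash with a 32-byte salt are assumptions made for illustration.

```python
import hashlib, os

# Constructed demo key built from two Mersenne primes: illustration only, not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8            # modulus length in bytes
EM_BITS, H_LEN = N.bit_length() - 1, 32  # SHA-256, salt length = hash length
EM_LEN = (EM_BITS + 7) // 8
TOP = 0xFF >> (8 * EM_LEN - EM_BITS)     # mask for the unused high bits of EM

def mgf1(seed, n):
    blocks = (hashlib.sha256(seed + c.to_bytes(4, "big")).digest() for c in range(-(-n // H_LEN)))
    return b"".join(blocks)[:n]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pss_encode(m_hash, salt):
    """EMSA-PSS-ENCODE from RFC 8017 section 9.1.1 (the padding step)."""
    h = hashlib.sha256(b"\0" * 8 + m_hash + salt).digest()
    db = b"\0" * (EM_LEN - len(salt) - H_LEN - 2) + b"\x01" + salt
    masked = bytearray(xor(db, mgf1(h, len(db))))
    masked[0] &= TOP
    return bytes(masked) + h + b"\xbc"

class Token:
    """Hypothetical stand-in for a hardware token holding the private key D."""
    def __init__(self, allow_raw):
        self.allow_raw = allow_raw
    def sign_raw(self, block):   # host already padded: token sees an opaque block
        if not self.allow_raw:
            raise PermissionError("raw RSA mechanism not supported")
        return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")
    def sign_pss(self, m_hash):  # token applies the PSS padding itself, then signs
        block = pss_encode(m_hash, os.urandom(H_LEN))
        return pow(int.from_bytes(block, "big"), D, N).to_bytes(K, "big")

def pss_verify(m_hash, sig):
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")[-EM_LEN:]
    masked, h = em[:-H_LEN - 1], em[-H_LEN - 1:-1]
    if em[-1] != 0xBC or masked[0] & ~TOP & 0xFF:
        return False
    db = bytearray(xor(masked, mgf1(h, len(masked))))
    db[0] &= TOP
    if bytes(db[:-H_LEN]) != b"\0" * (len(db) - H_LEN - 1) + b"\x01":
        return False
    return hashlib.sha256(b"\0" * 8 + m_hash + bytes(db[-H_LEN:])).digest() == h
```

With `Token(allow_raw=False)`, the host-padded path fails at `sign_raw` while `sign_pss` still yields a signature that `pss_verify` accepts, which is why the signature parameters have to reach the token instead of a pre-padded block.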