Hello Alon,
good job!
I've tried your patch with my OpenSC token, but it requires me to specify a
provider.
Can you detail what should go in the provider argument?
I've tried to issue an "openvpn --show-pkcs11-slots " with the
following:
- /usr/lib/opensc/engine_pkcs11.so
- engine_pkcs11.so
-
Hello,
I managed to access the smartcard specifying "/usr/lib/pkcs11/opensc-pkcs11.so"
as the pkcs11-provider.
But I get an error message "Cannot sign using PKCS#11 key
84:CKR_FUNCTION_NOT_SUPPORTED"
After doing some research it seems that your patch uses "C_SignRecover" and
"C_SignRecoverIni
At the moment, OpenVPN's management interface can only listen on a TCP port.
Support for listening on a Unix domain socket should be easy, and would be
simpler and more secure for some setups. The configuration file format would
not even need significant change; the "management" option could sim
Lev.
openvpn-2.0.2-pkcs11-20050912.patch.bz2
Description: Binary data