Re: [Openvpn-devel] [PATCH] Add Mac OS X keychain support

2015-01-06 Thread Samuli Seppänen
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Hi, > > On Fri, Dec 12, 2014 at 19:24 +0100, Arne Schwabe wrote: >>> On Mon, Dec 08, 2014 at 14:52 +0300, Vasily Kulikov wrote: This patch adds support for using certificates stored in the Mac OSX Keychain to authenticate with the OpenVPN

Re: [Openvpn-devel] [PATCH] Add Mac OS X keychain support

2015-01-06 Thread James Bekkema
Hi All, Just to expand on the comments Samuli included below: From a GUI client like Viscosity’s perspective number 1) from Vasily's email is the option we’d take, and ultimately something we were planning on implementing and contributing a patch for down the line anyway (i.e. something similar

Re: [Openvpn-devel] [PATCH] Add Mac OS X keychain support

2015-01-06 Thread Arne Schwabe
>>> Any comments? > Some ideas about keychain implementation out of OpenVPN core. > > I see 4 possible alternatives here: > 1) implement keychain rsa offloading in Tunnelblick > 2) make my patch use plugin interface > 3) implement external daemon that communicated with openvpn process via > managem

Re: [Openvpn-devel] [PATCH] Add Mac OS X keychain support

2015-01-06 Thread David Woodhouse
On Mon, 2015-01-05 at 13:22 +0300, Vasily Kulikov wrote: > > I see 4 possible alternatives here: > 1) implement keychain rsa offloading in Tunnelblick > 2) make my patch use plugin interface > 3) implement external daemon that communicated with openvpn process via > management interface > 4) the s

Re: [Openvpn-devel] [PATCH] Add Mac OS X keychain support

2015-01-06 Thread Gert Doering
Hi, On Tue, Jan 06, 2015 at 04:23:59PM +, David Woodhouse wrote: > That is, after all, fairly much what PKCS#11 was *designed* to provide. Thanks for that hint. Seems we (as in "the currently active developers") really need to look more closely into the gifts we inherited :-) > In fact, doe