Re: net/openvpn,mbedtls: add pkcs11 support

2025-01-04 Thread Jeremie Courreges-Anglas
On Fri, Jan 03, 2025 at 07:52:21AM +0100, Bjorn Ketelaars wrote: > On Fri 03/01/2025 00:29, Jeremie Courreges-Anglas wrote: > > > > I'd like to know whether the mbedtls FLAVOR can also use > > pkcs11-helper. Seems to work just fine with ''openvpn > > --show-pkcs11-ids'' but this is no actual test

Re: net/openvpn,mbedtls: add pkcs11 support

2025-01-04 Thread Jeremie Courreges-Anglas
On Sat, Jan 04, 2025 at 01:44:00AM +, Klemens Nanni wrote: > 03.01.2025 14:15, Stuart Henderson wrote: > > I wonder if LD_DEBUG will give any clues as to what's happening here. > > loading: libcrypto.so.55.0 required by /usr/local/lib/pkcs11/opensc-pkcs11.so > > The dlopen()ed module from sec

Re: net/openvpn,mbedtls: add pkcs11 support

2025-01-03 Thread Klemens Nanni
03.01.2025 14:15, Stuart Henderson wrote: > I wonder if LD_DEBUG will give any clues as to what's happening here. loading: libcrypto.so.55.0 required by /usr/local/lib/pkcs11/opensc-pkcs11.so The dlopen()ed module from security/opensc uses LibreSSL. I doubt we want mbedtls flavors everywhere. j

Re: net/openvpn,mbedtls: add pkcs11 support

2025-01-03 Thread Stuart Henderson
On 2025/01/03 10:59, Klemens Nanni wrote: > 03.01.2025 09:32, Bjorn Ketelaars wrote: > > With your diff, pkcs11-helper builds without support for mbedtls. Have a > > look at the output of configure. BTW, 'make test' fails all tests. > > > > I think you also need to pass MBEDTLS_CFLAGS and MBEDTLS_

Re: net/openvpn,mbedtls: add pkcs11 support

2025-01-03 Thread Klemens Nanni
03.01.2025 09:32, Bjorn Ketelaars wrote: > With your diff, pkcs11-helper builds without support for mbedtls. Have a > look at the output of configure. BTW, 'make test' fails all tests. > > I think you also need to pass MBEDTLS_CFLAGS and MBEDTLS_LIBS. With this > mbedtls is picked up, pkcs11-helpe

Re: net/openvpn,mbedtls: add pkcs11 support

2025-01-02 Thread Bjorn Ketelaars
On Fri 03/01/2025 00:29, Jeremie Courreges-Anglas wrote: > > I'd like to know whether the mbedtls FLAVOR can also use > pkcs11-helper. Seems to work just fine with ''openvpn > --show-pkcs11-ids'' but this is no actual test. > > Klemens: could you please test the mbedtls FLAVOR for your use case?

Re: net/openvpn,mbedtls: add pkcs11 support

2025-01-02 Thread Bjorn Ketelaars
On Fri 03/01/2025 00:20, Klemens Nanni wrote: > 03.01.2025 02:29, Jeremie Courreges-Anglas wrote: > > Klemens: could you please test the mbedtls FLAVOR for your use case? > > Doesn't work: > > OpenVPN 2.6.12 x86_64-unknown-openbsd7.6 [SSL (mbed TLS)] [LZO] [LZ4] > [PKCS11] [MH/RECVDA] [AEAD] >

Re: net/openvpn,mbedtls: add pkcs11 support

2025-01-02 Thread Klemens Nanni
03.01.2025 02:29, Jeremie Courreges-Anglas wrote: > Klemens: could you please test the mbedtls FLAVOR for your use case? Doesn't work: OpenVPN 2.6.12 x86_64-unknown-openbsd7.6 [SSL (mbed TLS)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] library versions: mbed TLS 2.28.0, LZO 2.10 Cannot initia

net/openvpn,mbedtls: add pkcs11 support

2025-01-02 Thread Jeremie Courreges-Anglas
I'd like to know whether the mbedtls FLAVOR can also use pkcs11-helper. Seems to work just fine with ''openvpn --show-pkcs11-ids'' but this is no actual test. Klemens: could you please test the mbedtls FLAVOR for your use case? Bjorn, do you see a drawback with enabling pkcs11 support? The re