Hi,

There have been many reports from MacOSX users during the last years that PKCS#11 support in OpenVPN is broken for them. The problem seems to be related to forking (using execve()) and PKCS#11. The following post describes the situation well:

http://www.gooze.eu/forums/support/feitian-epass-with-openvpn-tunnelblick

PKCS#11 support is started, the PIN is asked for, etc. During the first execve() (ifconfig tun0 delete) the PKCS#11 system seems to be reinitialised, and from the second execve() (ifconfig tun0 <address>...) it doesn't return. The last line from the pcscd log is "Client failed to authenticate".

Avoiding fork at all seems to be a workaround. OpenVPN 2.2 can be forced to use system() instead of execve(), and it solves the problem. Unfortunately, support for system() is removed from 2.3.

Any idea what's going on? The very same setup(s) seem to work for Linux/BSD users. Why? Too old PKCS#11 related stuff (pcscd/ccid) in MacOSX?

regards,

--
Hasso Tepper
