[Openvpn-devel] [L] Change in openvpn[master]: Interpret --key and --cert option argument as URI

Wed, 28 Aug 2024 10:58:27 -0700 

Attention is currently required from: flichtenheld, plaisthos.

selvanair has posted comments on this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/726?usp=email )

Change subject: Interpret --key and --cert option argument as URI
......................................................................


Patch Set 2:

(1 comment)

Patchset:

PS2:
> So I actually tried to use this in a test scenario. […]
The way I tested this using a soft token is described in this gist: 
https://gist.github.com/selvanair/323ccadbef5ae16df2b7ffb80e2d038b

For softhsm2 token I had to set `pkcs11-module-quirks = no-operation-state` in 
provider config (see openssl.cnf in the above link). Without this I got an 
error:

```OpenSSL: error:40800054:pkcs11::reason(84):Error returned by 
C_GetOperationState```

which may be a softhsm2 quirk. Also, for this reason I opted to configure 
providers in openssl.cnf instead of using our `--providers` option which is 
limited in functionality.

With these settings both server and client worked using pkcs11 URI. As for 
hooks, I only tried a simple `tls-verify` script on server-side which does work 
for me. What kind of hooks caused openvpn to hang?



--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/726?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I82b32d5ab472926e7889a5f4a90caba14231879a
Gerrit-Change-Number: 726
Gerrit-PatchSet: 2
Gerrit-Owner: selvanair <selva.n...@gmail.com>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-Reviewer: selvanair <selva.n...@gmail.com>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-Attention: plaisthos <arne-open...@rfc2549.org>
Gerrit-Attention: flichtenheld <fr...@lichtenheld.com>
Gerrit-Comment-Date: Wed, 28 Aug 2024 17:56:56 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: flichtenheld <fr...@lichtenheld.com>
Gerrit-MessageType: comment

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to