I'd like to implement a way to hand over the private key passphrase to
openvpn, to be able to add this feature to my GUI.
We have discussed that this could/should be done via the management
interface that we've discussed alot. However, I'd like to add the
passphrase feature now so I wonder which is the best way to do this.
1. Add a cmd-line option to pass it. (Considered insecure by some).
2. Use an environment variable. Portable? Secure?
3. Start the work on this mgmnt interface and add the passphrase passing
feature as the first cmd.
(1) is easiest to implement and good enough for my use, on single user
windows machines, but perhaps not good enough for multi-user unix systems.
On the other hand, no one is forcing anyone to use this cmd-line option,
so we might start with adding this feature, and then add a way to pass the
passphrase over the management interface when we have that ready.
James, if I create a patch that accepts the passphrase as an cmd-line
option, will you apply it then?
Comments?
--
_____________________________________________________________
Mathias Sundman (^) ASCII Ribbon Campaign
NILINGS AB X NO HTML/RTF in e-mail
Tel: +46-(0)8-666 32 28 / \ NO Word docs in e-mail
