C. Ruiz, Ivan wrote: >The problem is clearly on OpenSC pkcs#11 implementation, but with the option --pkcs11-sign-mode > you have included we can workarround it!
OK... So we can close this issue. > I agree to drop support for OpenSC. The PKCS#11 approach works well with OpenSC and it will > broad the support for other PKCS#11-aware smartcards/libraries. Great... So we continue with request to merge the PKCS#11 code into openvpn. > Can the code check wether there's a PIN specified by the user before calling pkcs11_openSession and > give a message like "You need to specify a PIN to access the smartcard."? OK... I've already added --pkcs11-protected-authentication in the last patch... So if it is not given and there is no --askpass - I will add a failure. One more task for me is to support more than one PKCS#11 provider... I will do this in the next weekend. Best Regards, Alon Bar-Lev.
