Hi all,

As most, if not all, of you will be aware, there is an option to pass
the certificate passphrase into OpenVPN if you compile OpenVPN with the
correct option yourself. This Molly Guard enables people who know what
they are doing to automate the process a little bit more than would be
possible otherwise.

My request is that the same thing should be offered for the PKCS#11
interface of 2.1. The discussion about the relative merits of the
management console and compiling your own OpenVPN binaries
notwithstanding, I feel that this approach is more secure, less prone to
failure and eases the overall process a _lot_. Furthermore, this
question has already been discussed in the mailing list archives and,
back then, it was decided to go the path of Bake Your Own to safeguard
people against themselves, at least for the passphrase.

Is there any chance that this feature sees the light of day and if yes,
is anyone able and/or willing to venture a guess as to when this might
be the case?


Thank you for all the work on OpenVPN!
Richard
