On 12.12.14 17:52, Vasily Kulikov wrote:
> Hi,
>
> On Mon, Dec 08, 2014 at 14:52 +0300, Vasily Kulikov wrote:
>> This patch adds support for using certificates stored in the Mac OSX
>> Keychain to authenticate with the OpenVPN server. This works with
>> certificates stored on the computer as well as certificates on hardware
>> tokens that support Apple's tokend interface. The patch is very similar
>> to, and also based on, the Windows Crypto API certificate functionality
>> that currently exists in OpenVPN.
>>
>> The previous version of the patch was sent by Brian Raderman
>> (http://thread.gmane.org/gmane.network.openvpn.devel/3631). The current
>> version uses autoconf, doesn't use printf, fixes several small bugs like
>> ignoring errors, and it now works with Tunnelblick. The previous version
>> has been tested with an Aladdin eToken on Mac OSX Leopard and with
>> software only certificates on Mac OSX Leopard and Snow Leopard, as
>> reported by Brian Raderman in his email. The current version of the
>> patch was tested in Yandex company on ~3000 hosts using several Mac OS X
>> versions (10.7, 10.8, 10.9, 10.10) using Tunnelblick.
>>
>> It was tested both on OpenVPN started from the terminal and using
>> Tunnelblick. Renegotiation was tested too.
>>
>> There are several warnings on Mac OS X related to functions deprecation
>> like RSA_new() and similar. However, they are used in other OpenVPN
>> code, so I decided not to touch it.
>>
>> The patch is against commit 3341a98c2852d1d0c1eafdc70a3bdb218ec29049.
>>
>> Signed-off-by: Vasily Kulikov <seg...@openwall.com>
>> --
> Any comments?
>

None yet. The patch is very large and our time is unfortunately limited. And the number of people who do crypto and Mac OS is even smaller. I haven't found time yet to look at the code. (We don't want to commit unreviewed code.)

Arne