On Mon, Feb 23, 2015 at 12:55 +0000, David Woodhouse wrote: > On Mon, 2015-02-23 at 09:28 +0100, Arne Schwabe wrote: > > > > Am 23.02.15 um 09:04 schrieb Vasily Kulikov: > > > management-external-cert 'macosx-keychain:SUBJECT:c=US' > > > > > > With the approach in patch v3 a user has to start openvpn with the > > > config file, start keychain-mcd, and pass identity template as an > > > argument to keychain-mcd. > > > > > > What do you think of the change? > > I like the idea. You could make the macos-keychain in the string optional. > > I wouldn't make it optional. Keep it URI-like, with 'macos-keychain' as > the URI scheme.
I'll keep it. I don't have a strict understanding what is the purpose of a default scheme, so I don't declare any default. Also please note that openvpn itself doesn't know about any "scheme", it simply passes the value to a management interface client. A client is the process which parses the value and must know about schemes, default scheme, etc. Thanks, -- Vasily Kulikov http://www.openwall.com - bringing security into open computing environments