-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hello,
I've given 2.1beta4 a try as it includes direct PKCS11 support which looks very promising in being able to run openvpn as a service AND getting the cert from a smartcard. At least I hope I can archieve just that. If i'm totally barking up the wrong tree please tell me right away :) The setup i've been testing is Windows XP OS and SafeSign PKCS#11 provider DLL. The --show-pkcs11-* commands cause the SafeSign PIN code popup to show before openvpn.exe can access the smartcard. Using (--)askpass works fine too when connecting with openvpn but pkcs11-protected-authentication doesn't seem to work: Mon Oct 31 14:35:04 2005 PKCS#11: Adding PKCS#11 provider 'aetpkss1.dll' Mon Oct 31 14:35:06 2005 PKCS#11: Cannot set parameters -'CKR_ARGUMENTS_BAD' Mon Oct 31 14:35:06 2005 Cannot load certificate "........" config excerpt: ca cacert.pem pkcs11-providers aetpkss1.dll ;pkcs11-sign-mode auto ; pkcs11-slot-type label pkcs11-slot MYSLOT ; need to use askpass as: ;pkcs11-protected-authentication ; won't work. Dunno why not as the --show-pkcs11 commands do pop up ; the safesign PIN dialog box askpass pkcs11-id-type label pkcs11-id MYCERT Cheers, Albert -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDZiIfKltZixSsH2QRA3GEAJ0YwqnvC63rW8pm0c7O7LNZDopS4gCfUMIa eHDL1I0Sa7lRer+mgMQPpAs= =0ZLt -----END PGP SIGNATURE-----
