Hi, On Thu, Sep 30, 2021 at 7:34 AM Petr Mikhalicin via Openvpn-devel < openvpn-devel@lists.sourceforge.net> wrote:
> New pkcs11-helper interface allows to setup pkcs11 provider via > properties: > https://github.com/alonbl/pkcs11-helper/commit/b78d21c7e26041746aa4ae3d08b95469e1714a85 > > Also pkcs11-helper added ability to setup init args for pkcs11 provider: > > https://github.com/alonbl/pkcs11-helper/commit/133f893e30856eba1de715ecd6fe176722eb3097 > > Signed-off-by: Petr Mikhalicin <mkh199...@mail.ru> > Sorry for the long delay in getting back on this. I somehow also missed the related discussion on Trac ( https://community.openvpn.net/openvpn/ticket/1453) I don't quite understand the need for exposing "init-args" to the user. The only two supported flags in the cryptoki docs are related to the use of threads. But we are the application and we should know what flags to pass --- not the user --- isn't it? If CKF_OS_LOCKING_OK is required, can't we just set it unconditionally? That said, OpenVPN2 is single threaded, so why is there a "bug in openvpn" related to the use of pkcs11 library from multiple threads referred to in the trac ticket? Selva
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel