PKCS11 support missing?

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Start a VPN connection with an eToken (on pkcs11 interface)
2. Openvpn cannot recognize "pkcs11_providers"

What is the expected output? What do you see instead?
Config file: pkcs11-providers /usr/local/lib/libeTPkcs11.dylib.
System.log: openvpn[64865]: Options error: Unrecognized option or missing 
parameter(s) in 
/Users/jdg/Library/openvpn/tv2.ovpn:49: pkcs11-providers (2.1_rc15)

The lib is there, Firefox can use it properly.

What version of Tunnelblick are you using? On what version of OS X? PPC or 
Intel?
Tunnelblick 3.0b10 on Leopard 10.5.5 (Intel)

Please provide any additional information below.
Nov 22 16:31:30 Vodka [0x0-0x377377].com.openvpn.tunnelblick[53709]: kextload: 
extension 
/Applications/Tunnelblick.app/Contents/Resources/tap.kext is already loaded
Nov 22 16:31:30 Vodka [0x0-0x377377].com.openvpn.tunnelblick[53709]: kextload: 
extension 
/Applications/Tunnelblick.app/Contents/Resources/tun.kext is already loaded
Nov 22 16:31:30 Vodka openvpn[64865]: Options error: Unrecognized option or 
missing 
parameter(s) in /Users/jdg/Library/openvpn/tv2.ovpn:49: pkcs11-providers 
(2.1_rc15)
Nov 22 16:31:30 Vodka openvpn[64865]: Use --help for more information.

Original issue reported on code.google.com by tamas.b...@gmail.com on 22 Nov 2008 at 3:39

[GoogleCodeExporter]

The OpenVPN binary used by Tunnelblick currently is not built with PKCS11 
support.

Original comment by batman...@gmail.com on 22 Nov 2008 at 10:18

[GoogleCodeExporter]

Tamas

I've have a build with PKCS11 enabled available at 
<http://www.haque.net/software/tunnelblick/Tunnelblick-
svn_r70-mhaque.dmg>.

Please try and see if there are any issues related to PKCS11. I will submit a 
patch enabling support if there are no 
immediate issues.

Original comment by batman...@gmail.com on 23 Nov 2008 at 12:07

[GoogleCodeExporter]

It works like a charm, thank you! Only thing im missing is that the client 
doesn't ask for a password for the 
token, but i think i have to figure out how to do that :)
Thanks anyway for the quick reply!

Original comment by tamas.b...@gmail.com on 23 Nov 2008 at 3:32

[GoogleCodeExporter]

I couldn't figure it out :(
I'm not sure if this is an openvpn or tunnelblick issue, but when I use your 
openvpn binary as cmd line client, it 
asks for my password (the eToken has a password to get the certificate) 
properly and successfully connects to 
the vpn. But if I use the gui client it stops at "Authorizing" and it doesnt 
ask for my password.

Original comment by tamas.b...@gmail.com on 23 Nov 2008 at 11:10

[GoogleCodeExporter]

Won't work without some retooling. Tunnelblick communicates with the OpenVPN 
binary over the management 
socket.

Original comment by batman...@gmail.com on 23 Nov 2008 at 3:39

[GoogleCodeExporter]

Actually that's great. I googled a bit and found this: 
http://osdir.com/ml/network.openvpn.devel/2005-
11/msg00002.html There is perl script also (for kde) in the last message, maybe 
it could be useful for you. They 
talk about windows but I tested the method and is works fine on macos too, I 
can pass the PIN to openvpn with 
the management interface.

Original comment by tamas.b...@gmail.com on 24 Nov 2008 at 9:22

[GoogleCodeExporter]

Original comment by angelol...@gmail.com on 26 Nov 2008 at 8:13

• Changed state: Accepted

[GoogleCodeExporter]

PKCS#11 support has been added to the trunk as r88. See Issue 89 for details.

Original comment by jkbull...@gmail.com on 20 May 2009 at 3:39

• Changed state: Fixed