pkcs11 support fails


Tom

Feb 10, 2016, 9:02:10 AM
to tunnelblick-discuss
Hello Everyone

I'm trying to use openvpn with pkcs11. With the current Tunnelblick release 3.5.6 (and before that) the included openvpn build seems to get hung up with pkcs11.

This problem is mentioned here: https://github.com/Homebrew/homebrew/issues/47754
and a possible solution here: http://www.sparklabs.com/forum/viewtopic.php?p=4806#p4823

As a workaround I've extracted the openvpn build from the Viscosity (Spark Labs) client and just run that from the CLI, which works. The important compile flags seem to be "--disable-slotevent" and "--disable-threading" for building pkcs11-helper.

Might this fix be incorporated into Tunnelblick?

Thank you for your great work!

jkbull...gmail.com

Feb 10, 2016, 2:11:03 PM
to tunnelblick-discuss, rooth...@gmail.com
If you are willing to try out a test version of Tunnelblick 3.6beta20 that has pkcs11-helper built with --disable-slotevent and --disable-threading I can create one and send you a link to it. Email me privately at my Gmail address, jkbullard, to do that.

I haven't been maintaining the PKCS#11 code that was originally submitted to Tunnelblick several years ago – I am handicapped by (A) not knowing much about PKCS#11 and (B) not having a way to test it. It apparently worked for a while, but then there were reports that it didn't work. I'm not sure if something broke or if the original submission only worked for some situations. That code uses pkcs11-helper and that code may need to be updated, too.

Tom

Feb 12, 2016, 11:27:37 AM
to tunnelblick-discuss
Sounds great, I will send you a message and test it.

Tom

Feb 13, 2016, 7:47:22 AM
to tunnelblick-discuss
Thank you for sending me the build. I had success using it on OSX 10.9.5.

In the meantime, for anyone else until Tunnelblick makes this available, you can use the openvpn build in the Viscosity client found in: /Viscosity.app/Contents/MacOS/openvpn

You will need to use it directly from the command line, as interestingly Tunnelblick checks the checksum of the openvpn binary. Credit to the team for doing this :)

jkbull...gmail.com

Feb 18, 2016, 6:14:00 PM
to tunnelblick-discuss, rooth...@gmail.com
Tunnelblick 3.6beta22 has been released and includes this fix.