Project

General

Profile

Feature #3458

charon-nm

Added by Yuri B about 2 months ago. Updated about 2 months ago.

Status:
Feedback
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
22.05.2020
Due date:
Estimated time:
Resolution:

Description

This is probably more of a distro packaging problem than strongswan's, but in fedora, when you install strongswan vpn and select "SmartCard" authentication, you actually expect smartcard to work. It seems like that the option doesn't enable pkcs11 module and you have to enable it by hand. This is counter-intuitive and a bad usability.

Maybe ship with a file called /etc/strongswan/strongswan.d/charon-nm.conf with something like:

charon-nm {
  plugins {
    pkcs11 { modules { p11kit {
      load = yes
      path = /usr/lib64/p11-kit-proxy.so

    }}}

    openssl { fips_mode = 0 }
  }
}

History

#1 Updated by Tobias Brunner about 2 months ago

  • Status changed from New to Feedback

This is probably more of a distro packaging problem than strongswan's

I agree, I wouldn't want to have a hard dependency on a optional third party pkcs11 module.

you actually expect smartcard to work

That has never been the case.

It seems like that the option doesn't enable pkcs11 module and you have to enable it by hand.

Exactly.

This is counter-intuitive and a bad usability.

I guess, but on the other hand, it's flexible.

Also available in: Atom PDF