On Tue, Feb 11, 2014 at 11:09 PM, David Woodhouse <dwmw2 at infradead.org> wrote:

>> I'm currently looking at just how awful it would be to convert to using
>> Windows events. It's either that or spawn a thread just to handle the
>> tun device.
> All done. Not quite as horrid as I anticipated. And lays the foundation
> for us supporting epoll() if we really want to, too.

I guess it wouldn't affect the performance, but if it would be needed, wouldn't it make sense to use something cross platform like libev?

> I have yet to find an issue with native push/pull functions in the
> 3.1.16 release.

If you ship binaries you could simply use a version that works well (like the 3.1.16) and simply drop the wrappers.

> And I also finally have interface configuration with 'netsh' working,
> after running the OpenVPN tool which creates a *new* tun/tap device. For
> some reason the first one was playing silly buggers. If I nab
> vpnc-script-win.js from the vpnc distribution and run openconnect with
> '--script "cscript vpnc-script-win.js"', it works.
>
> Do we have support for using keys in the Windows certificate store?

Only the trusted CAs are loaded from there. For keys I think that this API would work as a smart card so gnutls_privkey_import_ext2() should be used (and only the signing function needed). From people that have already done it, I was told that you need a signing function similar to:
http://thewalter.net/git/cgit.cgi/p11-capi/tree/module/p11-capi-rsa.c#n180

regards,
Nikos