Menu
▾
▴
[Opensc-devel] Need for simple C_Initialize [was: Issues connecting to OpenVPN with Smartcard]
|
From: Nikos M. <n.m...@gm...> - 2013-02-20 15:53:36
|
On 02/20/2013 02:50 PM, Martin Paljak wrote: > Looking at PKCS#11 v2.20, 6.6.1 Applications and processes > It tells: > In the scenario specified above, C should actually call C_Initialize > whether or not it needs to use Cryptoki; if it has no need to use > Cryptoki, it should then call C_Finalize immediately thereafter. This > (having the child immediately call C_Initialize and then call > C_Finalize if the parent is using Cryptoki) is considered to be good > Cryptoki programming practice, since it can prevent the existence of > dangling duplicate resources that were created at the time of the > fork() call; however, it is not required by Cryptoki. And that looks like a very good reason why C_Initialize should be simple in OpenSC and not take several seconds (e.g., by trying to probe the inserted cards). Consider enabling smart card support with opensc in a forking server and then realize that each child would wait 4-6 seconds for C_Initialize on creation, irrespective whether smart cards are used on it. regards, Nikos |
