From: David W. <dw...@in...> - 2014-12-14 23:35:02
On Wed, 2014-12-10 at 07:52 -0600, Douglas E Engert wrote:
> If you think there is a need for this, then get it working and submit
> a pull request.

https://github.com/OpenSC/engine_pkcs11/pull/9

I even made it work for certificates. Although libp11 is broken for certs larger than 2048 bytes, and I haven't quite worked out why we need to use a LOAD_CERT_CTRL command instead of just having the engine provide a normal load_ssl_client_cert() function.

Having fixed the former in my local build and controlled my nausea at the latter for long enough to knock up a test, it's working fine with PKCS#11 URIs for certificates too.

Now I can

$ openconnect -c 'pkcs11:manufacturer=piv_II;id=%01' vpn.example.com

and it works just as nicely as it does when built with GnuTLS.

--
David Woodhouse                            Open Source Technology Centre
Dav...@in...                              Intel Corporation