From: David W. <dw...@in...> - 2015-04-29 13:55:10

I've just fixed the Fedora packages (for F22+) so that this kind of command line will Just Work with RFC7512 PKCS#11 URIs:

  $ openssl req -new -keyform engine -engine pkcs11 -key "pkcs11:manufacturer=piv_II;id=%01"

Ideally, all of that '-engine pkcs11 -keyform engine' will eventually go away. When you provide a -key argument that starts with 'pkcs11:' it should *infer* that, like GnuTLS and other things do (including OpenConnect when built against OpenSSL+libp11). But in the meantime, we can settle for this because at least it's a massive improvement over what we had before.

For now I'm just manually creating a symlink from libpkcs11.so to engine_pkcs11.so in the Fedora package to make '-engine pkcs11' work in the above. I'm not quite sure what is the best way to do that upstream. If we do actually rename, the old baroque way of doing things will stop working. Although it's only a minor tweak. Or perhaps we could make the symlink in the engine_pkcs11 makefiles... except that seems hard since libtool makes the .so file and we don't even know what the extension (.so) is.

-- 
dwmw2
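The symlink workaround described in the message above, written out as an added shell example (this is not code from the post, from the Fedora package, or from the engine_pkcs11 project). It locates the OpenSSL engines directory from the real `openssl version -e` output line (`ENGINESDIR: "..."`), and creates `libpkcs11.<ext>` pointing at whatever `engine_pkcs11.<ext>` libtool actually installed, so the shared-object extension does not have to be known in advance. The function names and the skipping of libtool `.la`/`.a` files are this example's own choices:

```shell
#!/bin/sh
# Added example: make `openssl ... -engine pkcs11` find the engine_pkcs11
# shared object by symlinking libpkcs11.<ext> -> engine_pkcs11.<ext> in the
# OpenSSL engines directory. Function names are hypothetical.

# Pull the engines directory out of `openssl version -e` output, which is a
# single line of the form:  ENGINESDIR: "/usr/lib64/engines-1.1"
# The text is passed as $1 so the parser can be exercised on a constructed string.
engines_dir_from_version() {
    printf '%s\n' "$1" | sed -n 's/^ENGINESDIR: *"\(.*\)"$/\1/p'
}

# Create the libpkcs11 symlink inside directory $1.
# The extension is taken from the installed engine_pkcs11.* object rather than
# assumed to be .so (libtool may produce .dylib, .dll, ...). Libtool's own
# .la/.a archives are skipped. Returns 0 on success, 1 if no engine object exists.
link_pkcs11_engine() {
    dir=$1
    for f in "$dir"/engine_pkcs11.*; do
        [ -e "$f" ] || continue            # unmatched glob stays literal: skip it
        case "$f" in
            *.la|*.a) continue ;;          # not a loadable shared object
        esac
        base=${f##*/}                      # engine_pkcs11.so
        ext=${base#engine_pkcs11}          # .so (or platform equivalent)
        # Relative target: link and object live in the same directory.
        ln -sf "$base" "$dir/libpkcs11$ext"
        return 0
    done
    return 1
}

# Usage (typically as root, inside a package %post or spec file):
#   sh link_pkcs11.sh "$(engines_dir_from_version "$(openssl version -e)")"
# With no argument the script only defines the functions above.
case "${1-}" in
    "") ;;
    *)  link_pkcs11_engine "$1" || { echo "no engine_pkcs11 object in $1" >&2; exit 1; } ;;
esac
```

Because the link target is relative, the symlink keeps working if the engines directory is relocated as a whole, and because the extension is derived from the file libtool produced, the same snippet works on platforms where the loadable module is not `.so`.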