Menu
▾
▴
Re: [Opensc-devel] Adding libp11 (or its equivalent) to OpenSSL
|
From: Michal T. <Mic...@st...> - 2016-02-26 15:40:03
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 26.02.2016 15:19, David Woodhouse wrote: > If you have ever contributed to libp11 (or the engine, although I > wasn't going there yet), I would be very grateful for an explicit > response to the question: "May I re-use your code under the > 3-clause BSD licence as seen at > https://opensource.org/licenses/BSD-3-Clause?" Yes, you may. > (There is a separate question, if we get that far, which is "shall > we *change* the licence of the libp11 project to 3-clause BSD?". > Personally I'd say yes to that too.) Yes, we shall. > For a start, I definitely think we should at least add functions > for obtaining an EVP_PKEY or an X509 cert from a PKCS#11 URI alone > — similar to the pkcs11_load_key() and pkcs11_load_cert() functions > in the engine code. Actually I recently merged the engine code into the libp11 repository. For OpenSSL it doesn't matter that the repository currently produces two separate libraries. > I'm also tempted to suggest that we should make it capable of > using p11-kit for the basic module loading and initialisation. > Since p11-kit is "sufficiently ubiquitous" on the platforms where > this is relevant, my approach would probably be to *start* by > depending on p11-kit, and if anyone objects they can do so in 'diff > -up' form. Starting with a full implementation of RFC7512 URI > parsing... I'm not sure what you mean by "depending on p11-kit". I agree p11-kit simplifies configuration on some popular desktop platforms. My point is OpenSSL is not exclusively used on desktop platforms. Shall we really require p11-kit? Wouldn't it limit the portability of OpenSSL? Shall we also merge p11-kit into OpenSSL? Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJW0G1IAAoJEC78f/DUFuAUpysP/1CyYsM7sIaij1+40RQll4lw qiSbSWtPngXSxE8QJnIQdvBm3qByb+DLCShkm4arJC+DWauEdzA7uetrB9PNRzH3 +Mtd1+uOOgP4h8ERt7Kizci4Yns4MvwRPntTb/fC6vmL/wXx9Txznpw5YPHTuo/B rb862yTrk/Hf/kH7sFU4ynUSSs8JhwFPXWqQAsO0MiVv/INPM5APiV0RP7Nc6iuK NJWfb0QPmmezDPYy/4e22h+UPqUq371IWdswX32wlMx9k3aSUSe1JEZZkgpCXaYM IQNuGvf4LIRQy591ME+fDRJQFCt/X3N7b7lAeXKEl7SfZ5mXF/0CNirQDNNM1e7O 9XfHbwrqYFn8pC2XG+YONwMy/6L8X5y+EwkIXGXgE7DvxgDjfzrbpgI5VmcQnQVC qbF5Y2dvp/zBAAJnX/Nk3BnMZn/Hh2GoesY30QMgvINZrNJgLry5PYhnIo+DRmls 3UM1TPC1v+/6GziLkSD7LlaBSwUMdc2JBtv+y4Gnul5TvGFGqqY3crobrIgCneJy HYWJhgyv9hwz1Cieuo4gcqDCQ/jJy2bYrOYrljSWCqH16MnwRW78Vekm7PT7PFGu BVNmGO/nzMIYmU8evW8/XNnhFxMwexyiTWIhLrSbaxxamBO6i1QRj/yJ3fTaZYoe mR0YeeUxj80aojOpK+gq =oQh8 -----END PGP SIGNATURE----- |
