From: Nikos M. <n.m...@gm...> - 2016-02-27 09:46:24
On Fri, 2016-02-26 at 16:20 +0100, Michal Trojnara wrote:
> > I'm also tempted to suggest that we should make it capable of
> > using p11-kit for the basic module loading and initialisation.
> > Since p11-kit is "sufficiently ubiquitous" on the platforms where
> > this is relevant, my approach would probably be to *start* by
> > depending on p11-kit, and if anyone objects they can do so in
> > 'diff -up' form. Starting with a full implementation of RFC7512
> > URI parsing...
>
> I'm not sure what you mean by "depending on p11-kit". I agree
> p11-kit simplifies configuration on some popular desktop platforms.
> My point is OpenSSL is not exclusively used on desktop platforms.
> Shall we really require p11-kit? Wouldn't it limit the portability
> of OpenSSL?

p11-kit is not about desktop. I don't even think it provides any desktop integration. It is about configuration of pkcs11 modules in a system and coordination of the usage of PKCS #11. For example, one application could use smart cards even if it is linked with all of openssl, nss or gnutls (and that's a very common scenario in complex applications).

> Shall we also merge p11-kit into OpenSSL?

p11-kit is used by gnutls as well. Integration to openssl would defeat its purpose of coordination between modules.

regards,
Nikos