From: Nikos M. <n.m...@gm...> - 2016-02-27 17:06:18
On Sat, 2016-02-27 at 15:55 +0000, David Woodhouse wrote:
> On Sat, 2016-02-27 at 10:46 +0100, Nikos Mavrogiannopoulos wrote:
> >
> > p11-kit is not about desktop. I don't even think it provides any
> > desktop integration. It is about configuration of pkcs11 modules in a
> > system and coordination of the usage of PKCS #11. For example one
> > application could use smart cards even if it is linked with all of
> > openssl, nss or gnutls (and that's a very common scenario in complex
> > applications).
>
> However, those benefits are achieved just by going via p11-kit-proxy.so
> as the default PKCS#11 provider — that's how I already did it for
> engine_pkcs11, after all.

The p11-kit proxy requires function call rewriting, something that
cannot work in environments where code generation is prohibited (e.g.,
apache under selinux in RHEL is like that). Said that, for simplicity
p11-kit uses code generation for a few other cases which don't relate to
the proxy, but these can be fixed; the proxy cannot unfortunately be
without any code generation.

regards,
Nikos