[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6724) Feature request: support for PKCS11 pin input callback in public TLS api

To: openldap-its@OpenLDAP.org
Subject: (ITS#6724) Feature request: support for PKCS11 pin input callback in public TLS api
From: silvan@kernelconcepts.de
Date: Tue, 23 Nov 2010 15:55:44 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Silvan Marco Fin
Version: 
OS: Ubuntu Linux 10.04
URL: 
Submission from: (NULL) (217.146.132.69)


Support for PKCS #11 devices in TLS via MozNSS in OpenLDAP currently lacks the
possibility to "ask" for a PIN via callback. The methods supplied in tls_m.c are
reading a PIN from a file or alternativly reading a PIN from STDIN.

To add the needed flexibility to the MozNSS part, an additional callback
argument to the init function or alternatively an additional set function for
the callback would be needed.

http://www.mozilla.org/projects/security/pki/nss/ref/ssl/pkfnc.html#1023128

provides the signature for the callback function.

Since GnuTLS and OpenSSL provide PKCS #11 support by themselves in some way, I
propose to add an additional set function to OpenLDAPs public TLS API to
register a callback with the corresponding security library.

Prev by Date: Re: (ITS#5421) slapd vs LDAP_R_COMPILE
Next by Date: Re: (ITS#6603) EAGAIN, EWOULDBLOCK occasionally used without checking #ifdef
Index(es):
- Chronological
- Thread