[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6724) Feature request: support for PKCS11 pin input callback in public TLS api

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6724) Feature request: support for PKCS11 pin input callback in public TLS api
From: hyc@symas.com
Date: Fri, 26 Nov 2010 13:11:17 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

silvan@kernelconcepts.de wrote:
> Full_Name: Silvan Marco Fin
> Version:
> OS: Ubuntu Linux 10.04
> URL:
> Submission from: (NULL) (217.146.132.69)
>
>
> Support for PKCS #11 devices in TLS via MozNSS in OpenLDAP currently lacks the
> possibility to "ask" for a PIN via callback. The methods supplied in tls_m.c are
> reading a PIN from a file or alternativly reading a PIN from STDIN.
>
> To add the needed flexibility to the MozNSS part, an additional callback
> argument to the init function or alternatively an additional set function for
> the callback would be needed.
>
> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/pkfnc.html#1023128
>
> provides the signature for the callback function.
>
> Since GnuTLS and OpenSSL provide PKCS #11 support by themselves in some way, I
> propose to add an additional set function to OpenLDAPs public TLS API to
> register a callback with the corresponding security library.
>
Probably a good idea. Feel free to submit a patch for review.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#6725) How to install multiple instances of openldap on different port(389, 390 391)
Next by Date: RE : (ITS#6720) back-ldap core dump
Index(es):
- Chronological
- Thread