Re: (ITS#6724) Feature request: support for PKCS11 pin input callback in public TLS api
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6724) Feature request: support for PKCS11 pin input callback in public TLS api
- From: hyc@symas.com
- Date: Fri, 26 Nov 2010 13:11:17 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
silvan@kernelconcepts.de wrote:
> Full_Name: Silvan Marco Fin
> Version:
> OS: Ubuntu Linux 10.04
> URL:
> Submission from: (NULL) (217.146.132.69)
>
>
> Support for PKCS #11 devices in TLS via MozNSS in OpenLDAP currently lacks the
> possibility to "ask" for a PIN via callback. The methods supplied in tls_m.c are
> reading a PIN from a file or alternatively reading a PIN from STDIN.
>
> To add the needed flexibility to the MozNSS part, an additional callback
> argument to the init function or alternatively an additional set function for
> the callback would be needed.
>
> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/pkfnc.html#1023128
>
> provides the signature for the callback function.
>
> Since GnuTLS and OpenSSL provide PKCS #11 support by themselves in some way, I
> propose to add an additional set function to OpenLDAP's public TLS API to
> register a callback with the corresponding security library.
>
Probably a good idea. Feel free to submit a patch for review.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/