Re: (ITS#6724) Feature request: support for PKCS11 pin input callback in public TLS api
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#6724) Feature request: support for PKCS11 pin input callback in public TLS api
- From: firstname.lastname@example.org
- Date: Fri, 26 Nov 2010 13:11:17 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> Full_Name: Silvan Marco Fin
> OS: Ubuntu Linux 10.04
> Submission from: (NULL) (126.96.36.199)
> Support for PKCS #11 devices in TLS via MozNSS in OpenLDAP currently lacks the
> possibility to "ask" for a PIN via callback. The methods supplied in tls_m.c are
> reading a PIN from a file or alternatively reading a PIN from STDIN.
> To add the needed flexibility to the MozNSS part, an additional callback
> argument to the init function or alternatively an additional set function for
> the callback would be needed.
> provides the signature for the callback function.
> Since GnuTLS and OpenSSL provide PKCS #11 support by themselves in some way, I
> propose to add an additional set function to OpenLDAP's public TLS API to
> register a callback with the corresponding security library.
Probably a good idea. Feel free to submit a patch for review.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/