[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6724) Feature request: support for PKCS11 pin input callback in public TLS api

silvan@kernelconcepts.de wrote:
> Full_Name: Silvan Marco Fin
> Version:
> OS: Ubuntu Linux 10.04
> URL:
> Submission from: (NULL) (
> Support for PKCS #11 devices in TLS via MozNSS in OpenLDAP currently lacks the
> possibility to "ask" for a PIN via callback. The methods supplied in tls_m.c are
> reading a PIN from a file or alternativly reading a PIN from STDIN.
> To add the needed flexibility to the MozNSS part, an additional callback
> argument to the init function or alternatively an additional set function for
> the callback would be needed.
> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/pkfnc.html#1023128
> provides the signature for the callback function.
> Since GnuTLS and OpenSSL provide PKCS #11 support by themselves in some way, I
> propose to add an additional set function to OpenLDAPs public TLS API to
> register a callback with the corresponding security library.
Probably a good idea. Feel free to submit a patch for review.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/