[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: support for arbitrary PKCS11 pin input method

Silvan Marco Fin wrote:

 I searched through tls_m.c for means to enter the token PIN for a
PKCS11 token. I found a call to PK11_SetPasswordFunc(). The callback is
set to tlsm_pin_prompt(), which by itself uses tlsm_get_pin().
tlsm_get_pin() only supports reading the PIN from file or via STDIN. To
be usable within any form of gui, there would have to be some method to
pass a GUI callback to ask for the PIN.
How would this work? Would you pass in a callback function with your private context, and this callback function would be called with the current MozNSS context + your provided context? What would be the possible return values from your callback? What should the code do depending upon each return value? Is there currently a way, via the OpenLDAP API, to pass in such a function and context?
 Do you plan on implementing such a feature in the near future or is
there a proposed way of setting such a callback method?

 Kind regards,