[PATCH 0/6] OpenSSL PKCS#11 improvements

Jouni Malinen j at w1.fi
Mon Dec 29 14:17:15 EST 2014


On Thu, Dec 18, 2014 at 03:07:37PM +0000, David Woodhouse wrote:
> If we build with GnuTLS, PKCS#11 use is simple. You just put a standard
> PKCS#11 URI¹ into the client_cert or private_key fields, and it Just
> Works™. It'll search the PKCS#11 tokens which are enabled in the
> system's p11-kit configuration, and find the object you require.
> (It's not quite perfect though — it doesn't support using PKCS#11 for
> ca_cert, and it doesn't support tokens that require a PIN. I may look at
> those later.)
> 
> This set of patches fixes the OpenSSL side to behave similarly, so the
> configuration is be the same regardless of which crypto library you
> build against.

Thanks, applied.
 
-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list