[PATCH 0/6] OpenSSL PKCS#11 improvements
Jouni Malinen
j at w1.fi
Mon Dec 29 14:17:15 EST 2014
On Thu, Dec 18, 2014 at 03:07:37PM +0000, David Woodhouse wrote:
> If we build with GnuTLS, PKCS#11 use is simple. You just put a standard
> PKCS#11 URI¹ into the client_cert or private_key fields, and it Just
> Works™. It'll search the PKCS#11 tokens which are enabled in the
> system's p11-kit configuration, and find the object you require.
> (It's not quite perfect though — it doesn't support using PKCS#11 for
> ca_cert, and it doesn't support tokens that require a PIN. I may look at
> those later.)
>
> This set of patches fixes the OpenSSL side to behave similarly, so the
> configuration is be the same regardless of which crypto library you
> build against.
Thanks, applied.
--
Jouni Malinen PGP id EFC895FA
More information about the HostAP
mailing list