[PATCH 0/6] OpenSSL PKCS#11 improvements
Mon Dec 29 11:17:15 PST 2014
On Thu, Dec 18, 2014 at 03:07:37PM +0000, David Woodhouse wrote:
> If we build with GnuTLS, PKCS#11 use is simple. You just put a standard
> PKCS#11 URI? into the client_cert or private_key fields, and it Just
> Works?. It'll search the PKCS#11 tokens which are enabled in the
> system's p11-kit configuration, and find the object you require.
> (It's not quite perfect though ? it doesn't support using PKCS#11 for
> ca_cert, and it doesn't support tokens that require a PIN. I may look at
> those later.)
> This set of patches fixes the OpenSSL side to behave similarly, so the
> configuration is be the same regardless of which crypto library you
> build against.
Jouni Malinen PGP id EFC895FA
More information about the Hostap