Smartcard (pkcs11) support?

David Woodhouse dwmw2 at infradead.org
Thu Mar 1 18:10:01 EST 2012


On Thu, 2012-03-01 at 20:57 +0000, Sven Geggus wrote:
> Hm, I asked because gnutls seems to have a clean native pkcs11 interface
> with a unified key/cert addressing scheme.
> Using the source code at
> http://www.gnu.org/software/gnutls/manual/html_node/Client-using-a-smart-card-with-TLS.html
> I have been able now to use my smartcard out of the box by adding my
> proprietary pkcs11 library to the pool of available pkcs11 libraries.

If you want to have a go at making OpenConnect use gnutls as a
build-time option, just for the TCP connections, that would give me the
extra motivation to fix up the DTLS bits.

Strictly speaking you only need your token for the *authentication* part
over HTTPS; we could still use OpenSSL for the DTLS bit. But to start
with I'd just disable DTLS in the gnutls build. It shouldn't be hard to
fix that up once we're done with the other bits.

-- 
dwmw2