[PATCH 0/6] OpenSSL PKCS#11 improvements

Jouni Malinen j
Mon Dec 29 11:17:15 PST 2014

On Thu, Dec 18, 2014 at 03:07:37PM +0000, David Woodhouse wrote:
> If we build with GnuTLS, PKCS#11 use is simple. You just put a standard
> PKCS#11 URI? into the client_cert or private_key fields, and it Just
> Works?. It'll search the PKCS#11 tokens which are enabled in the
> system's p11-kit configuration, and find the object you require.
> (It's not quite perfect though ? it doesn't support using PKCS#11 for
> ca_cert, and it doesn't support tokens that require a PIN. I may look at
> those later.)
> This set of patches fixes the OpenSSL side to behave similarly, so the
> configuration is be the same regardless of which crypto library you
> build against.

Thanks, applied.
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list