On Thu, 10 Mar 2022, Aaltonen Eero via curl-library wrote:
At the moment, only the NSS version of curl supports PKCS#11 card
certificate based client authentication.
Maybe, but I don't think it's the only option that can be made to handle them.
AFAIK most cross OS browsers use NSS. At least Chrome and Opera link to it.
Chrome (and thus all the ones built on Chromium) switched to using BoringSSL
many years ago. Firefox is the last major browser that uses NSS and probably
the last major application over all. Assuming we still consider Firefox major.
NSS is harder than ever to find documentation for
Uh. Have to somewhat agree here. Although they seem to have gotten
their documentation rework somewhat done
This is of course highly subjective but their docs were always abysmal, so
when we can't even find that, the situation is pretty dire.
NSS was always "best" used with Red Hat Linux when they provided
additionalfeatures on top
Not sure what these features are
The ability to load a CA bundle from file is the primary one I thought of.
--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://curl.se/support.html
--
Unsubscribe: https://lists.haxx.se/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
