Dear Martin,
Thanks a lot for your help. It works now!
After you pointed out re-negotiation, I first tried to find a way to
dynamically request TLS renegotiation from the server (apache tomcat).
All I could find is people thinking that this is a bad idea. I still
think it makes sense in the given example, but I couldn't figure out how.
However, while looking for information I came across a page where
somebody had a very similar issue and uses the JavaScript logout
function (window.crypto.logout(), not everywhere available but at least
it exists in Firefox). This will request the client to forget about
sessions and renegotiate the connection, which is exactly what I need.
Cheers,
Urs
On 02/05/2014 04:15 PM, Martin Paljak wrote:
If you have a web server *and* a client where you can control the
session cache and initiate a re-negotiation, Firefox will try to look
at your token again.
At least this was the case a while ago.
--
Martin
+372 515 6495
On Wed, Feb 5, 2014 at 12:58 PM, Urs Hunkeler <u...@gmx.ch> wrote:
Hi,
I use the GnuPG card and have installed all the software, including Scute. I
configured a server for HTTPS asking for client certificates. When the card
is inserted before requesting the page, I get a request for the user PIN for
the card, and then the certificate is exchanged with the server as desired,
and everything works fine.
When the card is not inserted, my web application detects that no
certificate has been sent and shows a login-failed message. If I then insert
the card and reload the page, the card is not accessed and login still
fails. I actually have to terminate and restart Firefox for it to use the
card (shift-click on reload does not work either).
Ideally, I would like to be logged out when I remove the card and logged in
when I insert the card. Mozilla provides an unofficial JavaScript object to
detect card insertion/removal
(https://developer.mozilla.org/en-US/docs/JavaScript_crypto). The JavaScript
code detects successfully insertion and removal of the card. Using mozilla's
example script, when I remove the card, the page is reloaded, but displays
an error message. I can probably hide the error message by verifying the
connection in the background (AJAX) or reloading the page with a delay.
However, when I insert the card, the page is still reloaded but the client
certificate is not used.
Is there a way to reload a page and explicitly request that the SmartCard be
accessed? Or do you have any suggestions for a work-around?
Sincerely,
Urs
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
