On 12/7/06, Joe Orton <[EMAIL PROTECTED]> wrote:
> This is good as link as you use GUI!
> But what if you use console?

As I said, or you can send the pass phrase over the socket to the
daemon.  There would be no need for the callback to supply such a pass
phrase to be process-global, it could be set per-session.

Application -> library -> daemon

Now... Application performs private key operation in library, library
forwards to daemon, daemon returns pin-required, library invokes the
callback in application.
Notice that the passphrase is required for TOKEN not specific KEY.
This token can be assigned to multiple sessions... So it is GLOBAL.


> >The point is that there's nothing *neon* can do with this callback. It
> >must always be entirely specific to the application.  Say that the call
> >to your library is:
>
> Yes it can.

Could you give a code example to help illustrate your point here?

I tried to... :)

neon certainly supports the mode of operation where the application
selects an appropriate client cert in a callback based on the set of
acceptable CA DNs presented by the server: see ne_ssl_provide_clicert().
The list of CA DNs is given to the callback which can then be compared
against the issuer DN of any certs available using ne_ssl_dname_cmp().

I saw this...
But if you work with multiple sessions you get prompted for the passphrase
once for each session.

I guess I'd happily accept patches to add a "cert store" object. Can you
explain how that would help with the PKCS#11 support; won't the issue
with process-global callbacks remain?

You need to understand that introducing smartcards into static
applications requires a change.
I don't know why the issue of global context is so problematic. I really don't.
I tried to understand, but failed.

Can you please at least add the:

ne_ssl_client_cert *ne_ssl_clicert_native(X509 *cert, EVP_PKEY *pkey);

I will take care of the rest in subversion patch.

Just thought that it will be more correct to solve this in neon domain.
Modifying the way pkcs12 passphrases are handled to match this one.

Best Regards,
Alon Bar-Lev.
_______________________________________________
neon mailing list
[email protected]
http://mailman.webdav.org/mailman/listinfo/neon
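The disagreement above is about where the pass-phrase context lives: a PKCS#11 pin unlocks a token, and several sessions may share one token, so prompting per session means prompting repeatedly for the same pin. The following is an added, self-contained C model of that design point; it is not neon's code nor a patch from either poster, and the `token_store`, `session` and `pin_prompt_fn` names are assumptions chosen for the example. It shows neon's userdata convention carrying a per-session pointer to a store shared across sessions, so the application is prompted once per token rather than once per session, and the pins are wiped when the store is released.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed model (not neon's API): a token is identified by its serial and
 * the pin unlocks the whole token, not one key on it. */
#define MAX_TOKENS 4
#define MAX_PIN 64

struct token_entry {
    char serial[32];
    char pin[MAX_PIN];
    int unlocked;
};

/* Store shared by every session that uses the same token. */
struct token_store {
    struct token_entry tokens[MAX_TOKENS];
    int count;
    int prompts;   /* how many times the application was asked for a pin */
};

/* Prompt callback; an application would read from a GUI or the console. */
typedef int (*pin_prompt_fn)(void *userdata, const char *serial,
                             char *pin, size_t pinlen);

struct session {
    const char *name;
    const char *token_serial;
    struct token_store *store;     /* per-session userdata -> shared store */
    pin_prompt_fn prompt;
    void *prompt_userdata;
};

static struct token_entry *find_or_add(struct token_store *st, const char *serial)
{
    for (int i = 0; i < st->count; i++)
        if (strcmp(st->tokens[i].serial, serial) == 0)
            return &st->tokens[i];
    if (st->count == MAX_TOKENS || strlen(serial) >= sizeof st->tokens[0].serial)
        return NULL;
    struct token_entry *t = &st->tokens[st->count++];
    memset(t, 0, sizeof *t);
    strcpy(t->serial, serial);
    return t;
}

/* Called when the token reports "pin required" for a key operation.
 * Returns 0 when the token is unlocked, -1 on failure. */
int session_unlock_token(struct session *s)
{
    struct token_entry *t = find_or_add(s->store, s->token_serial);
    if (!t)
        return -1;
    if (t->unlocked)
        return 0;                  /* another session already unlocked it */
    s->store->prompts++;
    if (s->prompt(s->prompt_userdata, s->token_serial, t->pin, sizeof t->pin) != 0)
        return -1;
    t->unlocked = 1;
    return 0;
}

/* Wipe cached pins; volatile pointer keeps the compiler from dropping the clear. */
void token_store_clear(struct token_store *st)
{
    volatile unsigned char *p = (volatile unsigned char *)st->tokens;
    for (size_t i = 0; i < sizeof st->tokens; i++)
        p[i] = 0;
    st->count = 0;
}

/* Constructed prompt: answers with the pin passed as userdata. */
static int fake_prompt(void *userdata, const char *serial, char *pin, size_t pinlen)
{
    const char *answer = userdata;
    (void)serial;
    if (strlen(answer) >= pinlen)
        return -1;
    strcpy(pin, answer);
    return 0;
}

/* Three sessions, two of them on the same token, against one shared store.
 * Returns the number of prompts: 2 (once per token). */
int demo_shared_store_prompts(void)
{
    struct token_store store;
    memset(&store, 0, sizeof store);
    struct session a = {"a", "TOKEN-0001", &store, fake_prompt, "1234"};
    struct session b = {"b", "TOKEN-0001", &store, fake_prompt, "1234"};
    struct session c = {"c", "TOKEN-0002", &store, fake_prompt, "5678"};
    if (session_unlock_token(&a) || session_unlock_token(&b) || session_unlock_token(&c))
        return -1;
    int n = store.prompts;
    token_store_clear(&store);
    return n;
}

/* Same three sessions, each with its own store: the per-session design the
 * thread complains about. Returns 3 (once per session). */
int demo_per_session_prompts(void)
{
    struct token_store sa, sb, sc;
    memset(&sa, 0, sizeof sa); memset(&sb, 0, sizeof sb); memset(&sc, 0, sizeof sc);
    struct session a = {"a", "TOKEN-0001", &sa, fake_prompt, "1234"};
    struct session b = {"b", "TOKEN-0001", &sb, fake_prompt, "1234"};
    struct session c = {"c", "TOKEN-0002", &sc, fake_prompt, "5678"};
    if (session_unlock_token(&a) || session_unlock_token(&b) || session_unlock_token(&c))
        return -1;
    int n = sa.prompts + sb.prompts + sc.prompts;
    token_store_clear(&sa); token_store_clear(&sb); token_store_clear(&sc);
    return n;
}

int main(void)
{
    printf("shared store: %d prompts\n", demo_shared_store_prompts());
    printf("per session:  %d prompts\n", demo_per_session_prompts());
    return 0;
}
```

The shared store is what a "cert store" object would amount to: the callback stays per-session (it is reached through the session's userdata), while the token state it consults is shared, which is the reconciliation both sides of the thread seem to be circling.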
