[email protected] wrote:
> Full_Name: Silvan Marco Fin
> Version:
> OS: Ubuntu Linux 10.04
> URL:
> Submission from: (NULL) (217.146.132.69)
>
>
> Support for PKCS #11 devices in TLS via MozNSS in OpenLDAP currently lacks the
> possibility to "ask" for a PIN via callback. The methods supplied in tls_m.c
> are reading a PIN from a file or alternatively reading a PIN from STDIN.
>
> To add the needed flexibility to the MozNSS part, an additional callback
> argument to the init function or alternatively an additional set function for
> the callback would be needed.
>
> http://www.mozilla.org/projects/security/pki/nss/ref/ssl/pkfnc.html#1023128
>
> provides the signature for the callback function.
>
> Since GnuTLS and OpenSSL provide PKCS #11 support by themselves in some way, I
> propose to add an additional set function to OpenLDAP's public TLS API to
> register a callback with the corresponding security library.
>

Probably a good idea. Feel free to submit a patch for review.

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
