> > That's a quick (and dirty) hack.
> Yes, but seems to do what I want. If more people need this and I have
> overseen an official way to configure this it could be implemented
> i.e. using opensc.conf.

I'm sure this works with OpenSwan and with NetKey-cards that have additional user-certificates. But NetKey-cards without user-certificates won't work at all. So we cannot add this patch into OpenSC. That's why I called this a "dirty" hack.

> > Your software should be able to use a certificate even if the private
> > key that corresponds to your certificate has a different id. If
> > you want to use the private key that corresponds to a certificate
> > with a certain id do NOT assume that this private key has the
> > same id.
> Didn't see this config-option in OpenSwan.

First: I have never used OpenSwan nor know anything about it. But from my point of view OpenSwan should allow you to configure BOTH the cert-id and the key-id of the cert/key pair to be used. Or OpenSwan should only allow you to configure the id of the certificate to be used. In the latter case OpenSwan MUST figure out themselves what key must be used for the configured certificate. OpenSwan should NOT assume that the key has the same ID as the certificate as this cannot be true for cards that have more than one certificate per key.

So maybe you should inform the OpenSwan team about this problem.

Peter

_______________________________________________
opensc-devel mailing list
http://www.opensc-project.org/mailman/listinfo/opensc-devel
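Added example, not part of the original message and not OpenSC or OpenSwan code: a sketch of the two lookup policies described in the reply above, run against a constructed card layout where one private key backs two certificates. The class names, the function names and the sample IDs and moduli are assumptions made for illustration; matching on the RSA modulus is one way to pair a certificate with its key.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    obj_id: bytes   # ID of the certificate object on the card
    modulus: int    # RSA modulus taken from the certificate's public key

@dataclass(frozen=True)
class PrivKey:
    obj_id: bytes   # ID of the private key object on the card
    modulus: int    # RSA modulus of the private key object

# Constructed sample card: key 0x45 backs two certificates (0x45 and 0x47).
N1, N2 = 0xC0FFEE01, 0xC0FFEE03  # stand-ins for real RSA moduli
CERTS = [Cert(b"\x45", N1), Cert(b"\x47", N1), Cert(b"\x46", N2)]
KEYS = [PrivKey(b"\x45", N1), PrivKey(b"\x46", N2)]

def key_by_same_id(cert, keys):
    """The assumption criticised above: key ID equals certificate ID."""
    return next((k for k in keys if k.obj_id == cert.obj_id), None)

def resolve_key(cert_id, certs, keys, key_id=None):
    """Pick the private key for a configured certificate ID.

    With key_id set (both IDs configured) the pair is checked for consistency.
    Without it, the key is found by comparing public key material.
    """
    cert = next((c for c in certs if c.obj_id == cert_id), None)
    if cert is None:
        raise LookupError(f"no certificate with id {cert_id.hex()}")
    if key_id is not None:
        key = next((k for k in keys if k.obj_id == key_id), None)
        if key is None:
            raise LookupError(f"no private key with id {key_id.hex()}")
        if key.modulus != cert.modulus:
            raise ValueError("configured key does not belong to certificate")
        return key
    matches = [k for k in keys if k.modulus == cert.modulus]
    if len(matches) != 1:
        raise LookupError("no unique private key for this certificate")
    return matches[0]

if __name__ == "__main__":
    second_cert = CERTS[1]
    print("same-ID lookup:", key_by_same_id(second_cert, KEYS))
    print("public-key lookup:", resolve_key(b"\x47", CERTS, KEYS))
```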
