Hi, > There are two ways to select a certificate: > > a) by CKA_ID and optionally by slot > ... > > b) by enumeration (positional parameter) > ... > > strongSwan can now select one of the certs using the position > #1, #2, #3, #4. Currently in order to retrieve the desired certificate > and to use the private key, the 'slot' and the CKA_ID is used > for the actual query. > > If according to your proposal all certs belonging to a common private > key must have the same CKA_ID then additionally I would have to > include either the 'subject' or 'the label in the PKCS#11 query > in order to achieve a unique resolution to a single cert.
I would recommend to select the certificate by CKA_VALUE. Its the only mandatory PKCS#11-attribute that uniquely identifies a certificate :-) Peter -- 10 GB Mailbox, 100 FreeSMS/Monat http://www.gmx.net/de/go/topmail +++ GMX - die erste Adresse für Mail, Message, More +++ _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
