I would be grateful if someone could cast an eye over the code at http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/c24046b93 which I have added to the OpenConnect VPN client for supporting TOTP/HOTP keys from a Yubikey NEO.
I wish client applications *didn't* have to get involved with libpcsclite and specific hardware details — imagine what the world would be like if we had to do the same for SSL keys, and PKCS#11/OpenSC didn't exist. But this is at least a functional start. Have I done the correct thing with the locking, using SCardBeginTransaction and reselecting the applet each time? It seems to make this code interoperate happily with OpenSC talking to the PIV applet on the same device. Is it a problem that I keep the card handle around for the entire lifetime of the VPN session? I assume I'm preventing another SCardConnect() from getting SCARD_SHARE_EXCLUSIVE access to the device but should I *care* about that, enough to hook up some kind of "all authentication is done now and you can call SCardReleaseContext()" event sooner in the lifetime of the program? Using pcsc-spy it looks like OpenSC is keeping *its* handle open, so I haven't bothered. Are there TLV handling functions/macros that I should be using instead of reinventing the wheel? And what else have I done wrong that I *haven't* even thought about or noticed? :) Any constructive feedback would be gratefully received. Thanks. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Pcsclite-muscle mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pcsclite-muscle
