Le jeudi 07 avril 2011 à 08:36 +0200, Dominik Fischer a écrit :
> did you create the hashlinks to your certificates?
Yes, I did using C_rehash. I think I understand. Only local CA certs can
be used for checking certificates. CAs like CAcert.org cannot be used.
Kind regards,
--
Le 7 avril 2011 09:40, Jean-Michel Pouré - GOOZE a écrit :
> Le jeudi 07 avril 2011 à 08:36 +0200, Dominik Fischer a écrit :
>> did you create the hashlinks to your certificates?
>
> Yes, I did using C_rehash.
According to
http://www.opensc-project.org/doc/pam_pkcs11/pam_pkcs11.html#id298646
you
Le jeudi 07 avril 2011 à 10:04 +0200, Ludovic Rousseau a écrit :
> According to
> http://www.opensc-project.org/doc/pam_pkcs11/pam_pkcs11.html#id298646
> you must use make_hash_link.sh (now renamed in pkcs11_make_hash_link)
Thanks, I was using c_rehash. This is probably the same, no?
> > I think
Le jeudi 07 avril 2011 à 10:04 +0200, Ludovic Rousseau a écrit :
> Could you explain why?
As you are one the maintainers, could you explain shortly how to
configure CA checking of online CAs. There should be a way to do it
either using opensc mapper or nss mapper.
I spent hours trying to verify
Le 7 avril 2011 10:18, Jean-Michel Pouré - GOOZE a écrit :
> Le jeudi 07 avril 2011 à 10:04 +0200, Ludovic Rousseau a écrit :
>> According to
>> http://www.opensc-project.org/doc/pam_pkcs11/pam_pkcs11.html#id298646
>> you must use make_hash_link.sh (now renamed in pkcs11_make_hash_link)
>
> Thanks
Le jeudi 07 avril 2011 à 09:08 +, webmas...@opensc-project.org a
écrit :
> +Due to OpenSSL library limitations, CA root certificate entries must
> +reside in the local file system, and cannot be accessed from a remote
> +server. So although user auth can be done in a remote way,
> certificate
>
Le jeudi 07 avril 2011 à 11:21 +0200, Ludovic Rousseau a écrit :
>
> The problem is not if the CA (certification authority) is online or
> not. The "problem" is that the CA root certificate must be on the
> local file system.
> pam_pkcs11 do not reuse CAs root certificates from Firefox or from
> a
Hello Douglas,
Le 05/04/2011 15:36, Douglas E. Engert a écrit :
I would the serialized, so some cards do not have to follow the GUID format.
This could eliminate
the need to have a hash function for OpenSSL.
I've committed the common routines to get the 'classic' serialized form of GUID.
In
Hi Frank,
>> This might have some small variations in the implementations. For
>> instance, the Italian CNS (national almost-eID card) seems to follow
>> 7816-4 where, when using SM authentication, the first block contains
>> CLA, INS, P1, P2 + padding. But the padding is not 80 followed by as
>>
On 4/7/2011 12:10 PM, Viktor TARASOV wrote:
> Hello Douglas,
>
> Le 05/04/2011 15:36, Douglas E. Engert a écrit :
>> I would the serialized, so some cards do not have to follow the GUID format.
>> This could eliminate
>> the need to have a hash function for OpenSSL.
>
> I've committed the common
Le jeudi 07 avril 2011 à 19:26 +0200, Viktor TARASOV a écrit :
> Can be included into MSI the card specific registers related to the
> minidriver ?
Would it be possible to add the .inf for minidriver in the installer. I
still did not understand how to compile with WIX and I would like to
test the
Le mercredi 06 avril 2011 à 22:33 +0200, Jean-Michel Pouré - GOOZE a
écrit :
> Would it be possible to have a simple build script using candle
> without
> Visual Studio? There used to be a script, but it was removed.
I looked at the SVN and found the nmake.exe code.
I ran nmake.exe -f Makefile.ma
12 matches
Mail list logo
