rupert thurner wrote: > we noticed that the support for hardware security modules (smartcards) > storing ssl client certificates in mozilla/firefox is quite good. > > is it possible to somehow reuse this for serf to provide x509 client > certificate login for subversion, via the serf library?
Does serf use NSS for SSL/TLS now? or something else? Mozilla uses NSS, a set of c libraries (callable from c++) that provide SSL/TLS, CMS (the crypto component in S/MIME), and general certificate and cryptography libraries. In the middle of it all is a library called PK11wrap that finds the right PKCS#11 module to do each crypto operation (ALL crypto operations are done in PKCS#11 modules). Given that serf is a c library, it should be possible to make it use NSS. But if it's now using OpenSSL, then the switch to NSS might be a big change. Does serf use "modSSL"? If so, there is a "modNSS" that causes Apache to use NSS instead of OpenSSL. That might be an easy change for you. > see http://code.google.com/p/serf/issues/detail?id=27. What's the difference between issue 27 and issue 8 (which is marked fixed)? They seem to be describing the same issue. /Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
