Nelson Bolyard wrote:
rupert thurner wrote:we noticed that the support for hardware security modules (smartcards) storing ssl client certificates in mozilla/firefox is quite good. is it possible to somehow reuse this for serf to provide x509 clientcertificate login for subversion, via the serf library?Does serf use NSS for SSL/TLS now? or something else? Mozilla uses NSS, a set of c libraries (callable from c++) that provide SSL/TLS, CMS (the crypto component in S/MIME), and general certificate and cryptography libraries. In the middle of it all is a library called PK11wrap that finds the right PKCS#11 module to do each crypto operation (ALL crypto operations are done in PKCS#11 modules). Given that serf is a c library, it should be possible to make it use NSS. But if it's now using OpenSSL, then the switch to NSS might be a big change.
It may not necessarily be such a big change if you use the right tools: http://fedoraproject.org/wiki/nss_compat_osslIs meant to aid in converting openSSL applications over to NSS (in particular it allows you to convert an application so you can choose which toolkit you want to use at compile time).
It's part of the Fedora Crypto Consolidation project: http://fedoraproject.org/wiki/FedoraCryptoConsolidation bob
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
