I've completed much of the work on GTlsDatabase. I left this work idle for quite a while, sorry about that. But the good news is that I've used glib-networking with the gnutls backend to connect to an https website with a key+certificate stored on a smart card, so a lot of the pieces are in place and ready to be used.

The work is in branches available here:

http://cgit.collabora.com/git/user/stefw/glib.git/log/?h=tls-database
http://cgit.collabora.com/git/user/stefw/glib-networking.git/log/?h=tls-database
http://cgit.collabora.com/git/user/stefw/glib-networking.git/log/?h=tls-pkcs11

I'd like to work with you on merging this into glib. Since it's quite a bit of code, I'd like to break it up for review. That's why I'm writing this email.

In theory this could be done in a few stages:

1. Review and merge the glib GTlsDatabase and related stuff, along with the basic 'file' implementation in glib-networking.
2. Merge the PKCS#11 based trust assertion stuff. This allows lookup of certificate authorities and pinned certificates in the database.
3. Merge the PKCS#11 client certificate stuff. This allows use of keys on smart cards or in soft token storage.

Stage 3 depends on new unreleased versions of gnutls, although I'll be working with them to try and backport things to gnutls 2.12.x.

Note: I've tried to consider how these interfaces would be implemented with NSS while developing them, and I believe the design is generic enough not to lock out an NSS (or even OpenSSL) backend.

There are several other things that might need work to make the TLS stuff useful for client certificates, but because these branches have already gotten big enough I'd like to get some of them merged before working on further code.

If you think this is a good plan, then I'll open bugs for each of these and squash the various relevant commits into reviewable bits.

Thanks in advance,

Stef