I'm thinking it would be nice to optimize openssl.cnf for use with(in) SCB so lots of long pathnames and common options can be avoided.
I spent yesterday learning how to create Windows compatible Smart card logon certs too, we could include that in the default config as well, since it's not that trivial to find out otherwise. My goal is to be able to use one card on a standalone client to log in. One option is the GINA way, another to play along with what MS wants. I have not yet verified correct operation but it seems "all" that is needed is a valid CRL, a (possibly blank?) OCSP and a handful of certain X509 extensions. One way to solve it is of course to make a PKCS#11 plugin for pGina that only challenges a key on the card, which would be the equivalent of what happens in .eid on *ix, right? Anyway, that's further into the future. I'll make a patch for Makefile.mak and an openssl.cnf and send it on to the list for review later on. Feel free to comment meanwhile. //Peter _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
