On Aug 30, 2010, at 5:16 PM, Andre Zepezauer wrote:
> Possibly libksba could replace openssl in the future. It provides the
> functionality required by opensc (certificate and public key handling)
> but without the cryptographic operations. I haven't used it in the past,
> therefore I can't tell you any details. But it may be a target of
> evaluation.
> 
> http://www.gnupg.org/related_software/libksba/index.en.html
> http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/src/ksba.h?revision=322&root=KSBA&view=markup

Alternative possibilities would be nice, but unfortunately OpenSC is pretty 
deeply interwoven with OpenSSL, as it has been an approved library. It would be 
nice to collect Windows specific (mostly registry) code in OpenSC into a 
"platform_windows.c" kind of place and OpenSSL related things to 
"crypto_openssl.c" with a common interface, so that it could be switched to 
"crypto_gnutls.c" for example (or to libksba).

But that's pretty low priority. It also causes some confusion, like unwanted 
behavior differences depending on the chosen crypto library (some Linux 
software can be used with GnuTLS or OpenSSL (and maybe also NSS?) and behave 
differently). At least subversion and the SSL renegotiation issue behaved 
differently with libneon (with OpenSSL) and libneon (with GnuTLS).

-- 
Martin Paljak
@martinpaljak.net
+3725156495

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to