Le jeudi 07 avril 2011 à 10:04 +0200, Ludovic Rousseau a écrit : > According to > http://www.opensc-project.org/doc/pam_pkcs11/pam_pkcs11.html#id298646 > you must use make_hash_link.sh (now renamed in pkcs11_make_hash_link)
Thanks, I was using c_rehash. This is probably the same, no? > > I think I understand. Only local CA certs can > > be used for checking certificates. CAs like CAcert.org cannot be > used. > > Could you explain why? I really don't know why. This is what I read here: From http://www.opensc-project.org/doc/pam_pkcs11/pam_pkcs11.html#configfile **************** NOTE: Due to OpenSSL library limitations, CA entries must reside in the local file system, and cannot be accessed from a remote server. So although user auth can be done in a remote way, certificate validation must be done locally. ***************** CA entries means 'hash files', right? All this is not very clear. Kind regards, -- Jean-Michel Pouré - Gooze - http://www.gooze.eu _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel