[EMAIL PROTECTED] wrote: > > I would like to experiment with the AdNovum PKCS#11 > mods for OpenSSL (looks like the most useable solution > at the moment for both crypto accelerators and smartcards). > > The OpenSSL site contribution area only has the > "pkcs11-adnovum-20011212.tar.gz" file available which doesn't > appear to contain everything required. So if there are some > other pieces to the puzzle required could someone either put > them on the contributions page or repost them to the > openssl-dev mailing list.
You're right, there is a small amount of 'glue' code missing to the contributed pkcs11-adnovum-20011212.tar.gz at [1]. This glue code was submitted earlier (2001/6/15) as an additional patch file pkcs11.openssl.adnovum.20010615.patch.gz and can be found e.g. at [2]. This glue code patch for a start basically added a call to PKCS11_get_private_key in ssl/ssl_rsa.c:SSL_CTX_use_PrivateKey_file and a call to PKCS11_get_cert in SSL_CTX_use_certificate_file (about 20 lines of code each), which was sufficient to support PKCS#11 based RSA private keys and X509 certificates in SSL handshakes. Also contained are some 'crypto/pkcs11/' directory entries to the appropriate makefiles. [Note that newer additions of glue code, e.g. PKCS#11 based CA certificate usage, PKCS#11 based request signing, etc have not yet been published.] Regards, Eric [1] http://www.openssl.org/contrib/pkcs11-adnovum-20011212.tar.gz [2] http://marc.theaimsgroup.com/?l=openssl-dev&m=99258406002987&w=2 -- Eric Laroche <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
