Re: [opensc-devel] Opensc minidriver for base csp.

2010-01-12 Thread François Leblanc


Hi Jan,

Yes, I've started working on this again since the beginning of the year.

I am trying to make it work with at least version 6 of 'minidrivers'; this should work with Windows 7.

I plan to send a patch in a few days to show progress and get feedback.

My goal is to have a first release that we can integrate in opensc and improve (the last version of 'minidrivers' is 7)...

Regards,
François

-Original Message-
From: Jan Suhr [mailto:j...@suhr.info]
Sent: Tuesday, 12 January 2010 18:34
To: François Leblanc
Subject: Re: [opensc-devel] Opensc minidriver for base csp.

Hi Francois!
I read your patch for OpenSC and Windows base CSP from October. It would
be really great to get OpenSC to work this way! Do you plan to work on this
patch later on?

Regards
Jan

--
Jan Suhr
OpenPGP key: http://user.cs.tu-berlin.de/~jansuhr/jansuhr.asc
Anonymous e-mail: https://www.awxcnx.de/jansuhr.msg
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel


Re: [opensc-devel] Trac openid auth

2010-01-12 Thread Peter Stuge
Andreas Jellinghaus wrote:
> I don't want to use any major website for my authentication,
> and don't want to force that on other people. so we would need
> to offer some provider ourself, and the software packages I
> saw for that are mostly unmaintained for years.

It's possible to have both openid and authmanager login in Trac, I've
set this up once. (Though it means two login and logout links in the
Trac menu bar.)

There are several openid providers which are well maintained, a
couple of them are very simple and some are even for single-user use.
A few links:

http://wiki.openid.net/Run-your-own-identity-server
http://siege.org/projects/phpMyID/
http://www.intertwingly.net/blog/2006/12/28/Unobtrusive-OpenID
http://www.intertwingly.net/blog/2007/01/03/OpenID-for-non-SuperUsers

I used to be very sceptical, but it is actually not such a bad idea.


//Peter


[opensc-devel] https and opensc-project.org svn access

2010-01-12 Thread Andreas Jellinghaus
Hi everyone,

Some of you might notice that you can surf to
https://www.opensc-project.org/

but your web browser will give you an error when you go to
https://www.opensc-project.org/svn/opensc/

For all projects on opensc-project.org we allow everyone to
access the svn repositories write only. But only about 20
developers have write access too. Write access is implemented
with x.509 certificates and ssl client authentication.

The technical background is close to this: everyone can
connect to the https port of the web server and not present
a client certificate (the server isn't asking for one).
But if your https request concerns the svn repositories
(/svn/ and below), then the server is configured to
ask "do you want to show me a certificate?". And later
it looks at the request: read-only requests are always
granted, but any write request is only allowed if a
proper client certificate was presented in the ssl
communication.

The problem is this: the implementation of this uses a feature
called "renegotiation" - first server and client build the
ssl connection without a client certificate, then the server
changes the existing connection to ask the client, if it
wants to present one (but only if a certain request was
given to the server).

For that reason subversion only works if compiled with openssl
and not with gnutls - because the gnutls developers didn't implement
renegotiation.

A security problem with this ssl renegotiation feature was
discovered and the problem is in the protocol, so all complete
implementations of ssl are affected. The quick fix for many
vendors now is this: they disable the renegotiation feature, as only
few people use it.

So if your web browser is up to date, you can no longer surf to
/svn/ on our website with https. But you can still do that without
ssl encryption.

At least for me subversion still works fine, so no need to change
anything right now.

Regards, Andreas
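
The per-path certificate request described in the message above, next to a layout that avoids renegotiation, as an added example that is not the opensc-project.org server configuration. It assumes Apache httpd 2.4 with mod_ssl and mod_dav_svn; the host name and all paths are placeholders.

```apache
# Constructed example. (a) and (b) are alternatives, not one config file.

# (a) Certificate requested per path: the initial handshake carries no
# certificate request; a request under /svn/ makes mod_ssl renegotiate
# the existing connection to ask for one.
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key
    SSLCACertificateFile  /etc/ssl/example/developer-ca.crt

    <Location /svn/>
        DAV svn
        SVNParentPath /srv/svn
        # Per-directory setting: this is what triggers the renegotiation.
        SSLVerifyClient optional
        SSLVerifyDepth 1
        # Read-only methods pass; any other method needs a verified cert.
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require ssl-verify-client
        </LimitExcept>
    </Location>
</VirtualHost>

# (b) Certificate requested in the initial handshake: no renegotiation is
# needed, so clients with renegotiation disabled can still reach /svn/.
# Trade-off: browsers holding a matching certificate may prompt for it on
# every page of the site, not only under /svn/.
<VirtualHost *:443>
    ServerName www.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/example/server.crt
    SSLCertificateKeyFile /etc/ssl/example/server.key
    SSLCACertificateFile  /etc/ssl/example/developer-ca.crt
    # Server-level setting: asked once, while the connection is set up.
    SSLVerifyClient optional
    SSLVerifyDepth 1

    <Location /svn/>
        DAV svn
        SVNParentPath /srv/svn
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require ssl-verify-client
        </LimitExcept>
    </Location>
</VirtualHost>
```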