Attached are mods to engine_pkcs11 and libp11 to allow the use
of ECDSA sign operations. A new p11_ec.c files is added. The code
still has a lot of debuging statements, fprintf(stderr,..
and needs some polishing.
There is an issue with OpenSSL where ECDSA_METHOD is defined in
an internal header
Peter Stuge wrote:
> As for incomplete, that suggests to me going beyond a technical
> requirement, ie. does the CN actually include all subject's middle
> initials?
Or at least to policy; is subject OU required and missing?
//Peter
___
opensc-devel ma
Brian Thomas wrote:
> The subject of the requirement is to verify that "malformed" or
> "incomplete" certificates cannot be loaded on to the card.
As you may know, X.509 is a low level standard, so what is considered
malformed in one circumstance may be unproblematic in another.
Much more specifi
On Feb 25, 2011, at 7:22 PM, Brian Thomas wrote:
> The subject of the requirement is to verify that "malformed" or
> "incomplete" certificates cannot be loaded on to the card.
I'd assume OpenSSL (which is used to read and parse the certificates) does some
basic syntax/format checks.
But go on, v
Hello,
On Feb 25, 2011, at 7:20 PM, webmas...@opensc-project.org wrote:
> ---
> Allow a key to be used to sign a certificate request
> even if the normal usage does not allow sign.
> This is need when initializing a card when called by
> OpenSSL req -engine
Actually it would be nice to
The subject of the requirement is to verify that "malformed" or
"incomplete" certificates cannot be loaded on to the card.
-Original Message-
From: opensc-devel-boun...@lists.opensc-project.org
[mailto:opensc-devel-boun...@lists.opensc-project.org] On Behalf Of
Peter Stuge
Sent: Friday, Fe
Brian Thomas wrote:
> I need to prove to our customer that OpenSC performs some sort of
> sanity checking before loading a certificate on to a smart card.
Sanity checking of what?
If the requirement is not qualified any further then that is one
stupid requirement.
> PKCS15-init does some kind o
Hello,
I need to prove to our customer that OpenSC performs some sort of sanity
checking before loading a certificate on to a smart card. I know that
PKCS15-init does some kind of checking because when I attempt to load a
certificate on the card after modifying it with a text editor, it fails
Il 23/02/2011 20:04, NdK ha scritto:
Extracted from pcscd log (just masked PIN):
-8<--
openct/proto-t1.c:350:t1_transceive()
SW: 90 00
winscard_msg_srv.c:317:SHMProcessEventsContext() command TRANSMIT
received by client 11
winscard.c:1651:SCardTransmit() Send Protocol: T=1
APDU: 00 2A 9E 9A 23 30
