[gnutls-dev] GnuTLS PKCS#11 Engine
Alon Bar-Lev
alon.barlev at gmail.com
Mon May 14 16:25:20 CEST 2007
On 5/14/07, Simon Josefsson <simon at josefsson.org> wrote:
> The license is on the source code, and by using the OpenSSL API I
> believe the FSF would consider pkcs11-helper to be a derived work from
> OpenSSL, and thus GPL-incompatible. This would have to be confirmed
> with the FSF, though.
No... since OpenSSL is not used in the solution with GnuTLS, it is
not a derived work.
> > I don't understand...
> > The simple scute implementation is irrelevant for 99.999% of users.
>
> That may be true, but as far as I can tell, the simple scute
> implementation doesn't harm anything else, so I don't see a problem with
> it.
OK... Whatever...
1. How can the user choose which API to select?
2. You need to sync the API.
3. Working PKCS#11 with only one provider is irrelevant... This is not
why PKCS#11 was introduced.
> Yes, that is the point. Applications that want to support external
> signing will have to do something extra. That can link to your
> gnutls-pkcs11 library, or my scute gnutls-pkcs11 library (there appears
> to be a naming conflict here though), or something else, or even
> implement everything by itself. It is even possible to do all at the
> same time, if properly multiplexed by the application. The nice
> property is that the core GnuTLS library doesn't need to know about
> this.
I don't understand your desire to push a library which is not exactly
doing anything.
Also calling yours gnutls-pkcs11 is misleading, since you really gnutls-scute...
Alon.