gnutls with pkcs
simon at josefsson.org
Tue Feb 26 18:14:43 CET 2008
Pavlov Konstantin <thresh at altlinux.ru> writes:
> Hello, what's the current status of PKCS support in GnuTLS?
> 1.7 branch seems to be abandoned.
The following APIs were pulled into the stable release based on that
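typedef int (*gnutls_sign_func) (gnutls_session_t session,
                                 void *userdata,
                                 gnutls_certificate_type_t cert_type,
                                 const gnutls_datum_t * cert,
                                 const gnutls_datum_t * hash,
                                 gnutls_datum_t * signature);
void gnutls_sign_callback_set (gnutls_session_t session,
                               gnutls_sign_func sign_func,
                               void *userdata);
gnutls_sign_func gnutls_sign_callback_get (gnutls_session_t session,
                                           void **userdata);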
Those APIs allow you to connect GnuTLS with any PKCS#11 mechanism, but
you need to do the PKCS11 glue work.
The gnutls-pkcs11 library that did the glue work is not included with
GnuTLS today. The reason is that libgnutls-pkcs11 is linked to Scute at
compile-time. That works fine if you want to use OpenPGP cards, but if
you want to use another PKCS#11 mechanism, you have to recompile the
library. That wasn't very flexible, and it didn't feel finished enough
to include in the stable branch.
Possibly the library could use dlopen instead, opening a library
requested by the application.
Does this answer the question?
Are you interested in seeing the gnutls-pkcs11 library merged? We could
look into what it would take to dlopen some library that the application
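
Added example, not part of the original message and not GnuTLS or gnutls-pkcs11 code: one way the dlopen approach suggested above could load a PKCS#11 module named by the application. The struct, enum and function names are hypothetical; C_GetFunctionList is the standard PKCS#11 entry point, and the absolute-path requirement is an assumption made here so that the module loaded into the process is exactly the file the application named.

```c
#include <dlfcn.h>
#include <stddef.h>

enum p11_load_status {
  P11_LOAD_OK = 0,
  P11_LOAD_BAD_PATH,   /* NULL, empty or not an absolute path */
  P11_LOAD_OPEN_FAIL,  /* dlopen() could not load the file */
  P11_LOAD_NO_ENTRY    /* library does not export C_GetFunctionList */
};

/* Hypothetical handle type for this sketch.  The real prototype of
   C_GetFunctionList comes from pkcs11.h, so the symbol is kept here
   as an untyped address. */
struct p11_module {
  void *dl_handle;
  void *get_function_list;
};

enum p11_load_status
p11_module_load (const char *path, struct p11_module *mod)
{
  mod->dl_handle = NULL;
  mod->get_function_list = NULL;

  /* Absolute paths only: a bare name would be resolved through the
     dynamic linker's search path, which the caller may not control. */
  if (path == NULL || path[0] != '/')
    return P11_LOAD_BAD_PATH;

  /* RTLD_NOW: fail at load time rather than at first use.
     RTLD_LOCAL: keep the module's symbols out of the global namespace. */
  void *h = dlopen (path, RTLD_NOW | RTLD_LOCAL);
  if (h == NULL)
    return P11_LOAD_OPEN_FAIL;

  void *sym = dlsym (h, "C_GetFunctionList");
  if (sym == NULL)
    {
      /* Not a PKCS#11 module: unload it instead of keeping it mapped. */
      dlclose (h);
      return P11_LOAD_NO_ENTRY;
    }

  mod->dl_handle = h;
  mod->get_function_list = sym;
  return P11_LOAD_OK;
}
```

On older glibc versions this needs to be linked with -ldl.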