[Help-gnutls] Re: GnuTLS vs OpenSSL vs NSS
Simon Josefsson
simon at josefsson.org
Fri May 4 14:18:18 CEST 2007

Daniel Kahn Gillmor <dkg-debian.org at fifthhorseman.net> writes:
> On Thu 2007-05-03 15:38:35 -0400, Simon Josefsson wrote:
>
>> Right, I think we should mention this. There is no equivalent feature
>> in GnuTLS yet, but I'm working on PKCS#11 support to address one aspect
>> of this (client smart card authentication) and made the first release a
>> few days ago.
>
> i'd be interested in reviewing this, if you've got test cases that
> need it. Sorry that i missed the initial announcement. i use an
> eGate smartcard for daily (hooked in via opensc and openct) via PAM
> and openssh [0], and i've got a spare device i could test with.
>
> Can you point me towards something to test?

Neat! It would be very useful to have more testers with other smart
card devices. See the gnutls-dev list, and the recent p11-branch
announcement:
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/1976
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/1923
Right now, loading trusted CAs via the Scute PKCS#11 provider works.
If you can point to a PKCS#11 provider for your card, I can see if I can
make GnuTLS support linking to it -- I probably can't test it myself
though.

>> Btw, I'd like to add other free TLS libraries to the list. That's
>> why I made the implementations have one row each in the tables,
>> rather than having the implementations be one column each. This
>> allows the list of implementations to be added easily, without
>> clobbering the page too much.
>
> these might be worth including:
>
> http://yassl.com/
> http://www.matrixssl.org/
>
> (and soliciting feedback from their developers would be a good thing
> for the page, too)

Yup. I'll update the comparison page with all input next week or so.

/Simon