On Sep 10, 2:37 am, Nelson Bolyard <[EMAIL PROTECTED]> wrote: > rupertthurnerwrote: > > we noticed that the support for hardware security modules (smartcards) > > storing ssl client certificates in mozilla/firefox is quite good. > > > is it possible to somehow reuse this for serf to provide x509 client > > certificate login for subversion, via the serf library? > > Does serf use NSS for SSL/TLS now? or something else? > > Mozilla uses NSS, a set of c libraries (callable from c++) that provide > SSL/TLS, CMS (the crypto component in S/MIME), and general certificate > and cryptography libraries. In the middle of it all is a library called > PK11wrap that finds the right PKCS#11 module to do each crypto operation > (ALL crypto operations are done in PKCS#11 modules). > > Given that serf is a c library, it should be possible to make it use NSS. > But if it's now using OpenSSL, then the switch to NSS might be a big change. > > Does serf use "modSSL"? If so, there is a "modNSS" that causes Apache to > use NSS instead of OpenSSL. That might be an easy change for you. > > > seehttp://code.google.com/p/serf/issues/detail?id=27. > > What's the difference between issue 27 and issue 8 (which is marked fixed)? > They seem to be describing the same issue. > > /Nelson
the issue 8 was to use client certificates from HARDWARE security modules (chip card), but the fix seem to be for software (pkcs12). if we could change the text of issue 8 it would be the least contradiction i guess :) _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
