On Wed, Aug 22, 2012 at 09:27:14AM +0200, Marc Wäckerlin wrote: > Hi > > I got a proprietary PKCS#11 library (for Post SuisseID smartcard) in > /usr/lib/libcvP11.so. > > There is a configuration option «ssl-pkcs11-provider» in > ~/.subversion/servers. > > But it is absolutely undocumented what this option is, even google doesn't > find > anything useful. The only documentation is: «Name of PKCS#11 provider to use». > > How is the «Name of PKCS#11 provider» defined? It is *not* the name of the > PKCS#11 library, so what is it? > Everytthing I tried results in «unable to load PKCS#11 provider», e.g.: > > user@host:~/svn/project$ LANG= svn up > svn: Invalid config: unable to load PKCS#11 provider '/usr/lib/libcvP11.so' > user@host:~/svn/project$ ls -l /usr/lib/libcvP11.so > -rwxr-xr-x 1 root root 5279688 Jul 6 14:30 /usr/lib/libcvP11.so
If you have neon built with pakchois support, it will try to load "libFOO.so" or "FOO.so" for "ssl-pkcs11-provider = FOO", walking a directory path which is by default /usr/lib/pkcs11 : /usr/lib. So "ssl-pkcs11-provider = cvP11" should work for that PKCS#11 module. This code has tested with a few software tokens and some hardware tokens using OpenSC, but if there are problems with your token let me know. Regards, Joe
