I'm thinking it would be nice to optimize openssl.cnf for use with(in) SCB so lots of long pathnames and common options can be avoided.

I spent yesterday learning how to create Windows compatible Smart card logon certs too, we could include that in the default config as well, since it's not that trivial to find out otherwise.

My goal is to be able to use one card on a standalone client to log in. One option is the GINA way, another to play along with what MS wants. I have not yet verified correct operation but it seems "all" that is needed is a valid CRL, a (possibly blank?) OCSP and a handful of certain X509 extensions.

One way to solve it is of course to make a PKCS#11 plugin for pGina that only challenges a key on the card, which would be the equivalent of what happens in .eid on *ix, right?

Anyway, that's further into the future. I'll make a patch for Makefile.mak and an openssl.cnf and send it on to the list for review later on. Feel free to comment meanwhile.
//Peter
_______________________________________________
opensc-devel mailing list
opensc-devel lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
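
The "handful of certain X509 extensions" mentioned in the message, sketched as an openssl.cnf extension section. This is an added example, not the configuration the poster later sent to the list; it follows the certificate fields Microsoft documents for smart card logon with third-party CAs, and the section name, UPN and CRL URL are constructed placeholders.

```ini
# Added example: extension section for a Windows smart card logon certificate.
# The section name, the UPN value and the CRL URL are placeholders to replace.
[ smartcard_logon ]
# End-entity certificate, never a CA.
basicConstraints       = critical, CA:FALSE
# The logon key is used to sign the authentication request.
keyUsage               = critical, digitalSignature
# Client Authentication plus Smart Card Logon (1.3.6.1.4.1.311.20.2.2).
extendedKeyUsage       = clientAuth, msSmartcardLogin
subjectKeyIdentifier   = hash
authorityKeyIdentifier = keyid
# The account is mapped through the UPN, carried as an otherName
# (1.3.6.1.4.1.311.20.2.3) encoded as a UTF8String.
subjectAltName         = otherName:msUPN;UTF8:user@example.test
# Revocation checking needs a CRL location the logon host can reach.
crlDistributionPoints  = URI:http://pki.example.test/ca.crl
```

The section is selected at signing time with `-extfile openssl.cnf -extensions smartcard_logon` on `openssl x509 -req`, or with `-extensions smartcard_logon` on `openssl ca`.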