Geoff Elgey wrote:
In my case, I need to know which certificates are suitable for smartcard logon to Active Directory. This means decoding each certificate on the token, checking the extensions for the existence of a UPN in the subject alternative name extension, and for the existence of smartcard logon oid in the extended key usage extension.
Welcome to the life of a CAC middleware developer. :) FWIW, this is exactly what ActivCard does (in the newer versions; older versions had more ... obscure cert selection algorithms).
Since I am only interested in the certificate that can be used for smartcard logon, I am toying with the idea of only making the email signing certificate visible to PKCS#11 to make this easier.
This is certainly an option, but will limit reuse of your code. -- Tim
Description: S/MIME Cryptographic Signature
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel