Re: [PATCH 1/2] OpenSSL: Initialise PKCS#11 engine even if found with ENGINE_by_id()

On Tue, 2016-06-07 at 13:02 +0100, David Woodhouse wrote:
> Recent versions of engine_pkcs11 are set up to be autoloaded on demand
> with ENGINE_by_id() because they don't need explicit configuration.
> 
> But if we *do* want to explicitly configure them with a PKCS#11 module
> path, we should still do so.
> 
> We can't tell whether it was already initialised, but it's harmless to
> repeat the MODULE_PATH command if it was.
> 
> Signed-off-by: David Woodhouse <David.Woodhouse@xxxxxxxxx>

Apologies, Evolution appears to have eaten the whitespace in those
patches and turned some spaces into non-breaking spaces. I'll go file
a bug later, but in the meantime they're both at
 git:// or http://git.infradead.org/users/dwmw2/hostap.git

I tested with the use case we *care* about, which is a simple:

 client_cert="pkcs11:id=%4b%1a%cd%46%22%c4%a0%37%da%8b%45%ad%71%ba%3d%c5%b9%7e%f7%4f"
 private_key="pkcs11:id=%4b%1a%cd%46%22%c4%a0%37%da%8b%45%ad%71%ba%3d%c5%b9%7e%f7%4f"

We should probably make it work without specifying the private_key
separately, like it does for PKCS#12 files.

-- 
David Woodhouse                            Open Source Technology Centre
David.Woodhouse@xxxxxxxxx                              Intel Corporation
