Re: Re: OpenSwan

Am Donnerstag, 11. Mai 2006 21:48 schrieb Christian Horn:
> On Wed, May 10, 2006 at 11:05:19PM +0200, Andreas Jellinghaus wrote:
> > does openswan use engine_pkcs11 like strongswan
> > or do they still use the native opensc interface?
>
> native opensc, no dep on engine_pkcs11. Thats also how the
> overview on strongswan.org states it.

oops sorry. what I wrote was not useful. the destinction should be
libopensc vs. opensc-pkcs11.so. but if it is linked against libopensc
it uses the native api, not the pkcs#11 standard api.

> Hm.. can the two certs be mixed by any chance, so that the app
> gets the second cert first? Would also solve my need to patch,
> and could also work with more apps.

sorry, so far there is no code to do that I think. but I guess with
the native api you should be able to get all certs for one id,
sc_pkcs15_get_objects can get all certs, so the problem would
be the code that looks for your id and selects the first. you could
instead skip that and look for the next.

> Or some override that can be set in the configfile?

sorry, you are the first user that asks for something like that,
and even to implement it, it would be better to do so in the
application I think.

> no problem, after all its only one application amongst some
> that have to handle the situation.
> Shuffling the two certs with the same id would be the
> easiest help i see.

no idea, I would be better to look at the different applications
first and what they do in detail.

Regards, Andreas