Waking the dead: LibSoup and NSS



Hi everyone.

Starting out on a new project creating a Kolab groupware plugin for Evolution 
[1], we're faced with the necessity of accessing a webserver (which is part of 
a Kolab groupware setup) to retrieve free-busy-information when planning for a 
meeting.

We need to support SSL with client authentication based on client certificates 
located in a crypto token [2]. We have an (almost fully) working token setup 
which involves NSS, tpm-tools, openCryptorki and Trousers, talking to each 
other via PKCS #11 APIs.

Now, as LibSoup utilizes GnuTLS, I'm not sure how LibSoup's status is here. 
The GnuTLS docs indicate that PKCS #11 support might still be experimental and 
all clients which we tried in our setup (Firefox, Thunderbird, LibCamel's 
IMAPX-implementation) are based on NSS for security stuff.

Reading through mailinglist postings and tickets, I found that there had once 
been NSS support in LibSoup which was dropped at one point since it had never 
really been finished and then GnuTLS stepped in.

However, there had been efforts (Redhat/Fedora?) to revive NSS support in 
order to get LibSoup FIPS-140 compliant (through the use of NSS).

This all being said, I'd like to get to know about the current status of 
LibSoup regarding support for being built with libnss (latest information I 
found dates back from 2008).

Alternatively, has anyone used LibSoup/GnuTLS successfully with a certificate 
token (TPM) using tpm-tools, Trousers and openCryptorki?

Best regards,

	Christian Hilberg


[1] http://mail.gnome.org/archives/evolution-hackers/2010-July/msg00021.html
[2] http://mail.gnome.org/archives/evolution-hackers/2010-August/msg00001.html

-- 
kernel concepts GbR        Tel: +49-271-771091-14
Sieghuetter Hauptweg 48    Fax: +49-271-771091-19
D-57072 Siegen
http://www.kernelconcepts.de/

Attachment: signature.asc
Description: This is a digitally signed message part.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]