On Thu, 2014-10-09 at 19:25 +0200, Milan Crha wrote:
On Thu, 2014-10-09 at 13:48 +0200, RHE wrote:Sounds great! Just found the code - it was submitted @ Sept. 2... ...based on your experience as GnomeDev, how quick can we expect to have this module released within the application? (devel || stable) ...based on wiki info you have a monthly release schedule - or do you might have NightlyBuilds on this already?Hi, the monthly release is correct. I'm not aware of any nightly builds, they are not done by the Evolution team for sure. I'm not sure whether this will reach 3.12.x (stable), but it should reach the development version (3.13.x) soon. If I'm not mistaken, then the merge is awaiting for some fixes on the EWS side and then on a final review from dwmw2.
Right. In order for evolution-pkcs11 to work with a given addressbook back end, the back end needs to support the (relatively) new cursor API. Our EWS code didn't. And needed to be updated in various ways before it could. All of which is now done. It's even backported to the 3.12 branch except for the final commit in the sequence which actually *enables* cursor support. I've also tweaked the default indexing of the database in order to make the lookup more efficient. I haven't looked at whether the LDAP back end supports cursors, but if it does then evolution-pkcs11 should be OK. After that there are some other efficiency issues, where the NSS and Evolution code just behaves *badly* if it suddenly has 13,000 X.509 certificates. The biggest issue being bug 736808, where not only dies it iterate over the list three times, but NSS uses a O(n²) algorithm to do so. Then we should be able to enable the evolution-pkcs11 module within Evolution automatically. And distributions could even look at making it available via p11-kit to general consumers of PKCS#11 too.
You might check whether evolution-data-server reads the certificate from your LDAP server. I briefly looked into the code and it seems like it should read the information from a "userCertificate" LDAP attribute.
Sounds good. So let's try it and see if it works. -- dwmw2
Attachment:
smime.p7s
Description: S/MIME cryptographic signature