Hi everyone. Starting out on a new project creating a Kolab groupware plugin for Evolution [1], we're faced with the necessity of accessing a webserver (which is part of a Kolab groupware setup) to retrieve free-busy-information when planning for a meeting. We need to support SSL with client authentication based on client certificates located in a crypto token [2]. We have an (almost fully) working token setup which involves NSS, tpm-tools, openCryptorki and Trousers, talking to each other via PKCS #11 APIs. Now, as LibSoup utilizes GnuTLS, I'm not sure how LibSoup's status is here. The GnuTLS docs indicate that PKCS #11 support might still be experimental and all clients which we tried in our setup (Firefox, Thunderbird, LibCamel's IMAPX-implementation) are based on NSS for security stuff. Reading through mailinglist postings and tickets, I found that there had once been NSS support in LibSoup which was dropped at one point since it had never really been finished and then GnuTLS stepped in. However, there had been efforts (Redhat/Fedora?) to revive NSS support in order to get LibSoup FIPS-140 compliant (through the use of NSS). This all being said, I'd like to get to know about the current status of LibSoup regarding support for being built with libnss (latest information I found dates back from 2008). Alternatively, has anyone used LibSoup/GnuTLS successfully with a certificate token (TPM) using tpm-tools, Trousers and openCryptorki? Best regards, Christian Hilberg [1] http://mail.gnome.org/archives/evolution-hackers/2010-July/msg00021.html [2] http://mail.gnome.org/archives/evolution-hackers/2010-August/msg00001.html -- kernel concepts GbR Tel: +49-271-771091-14 Sieghuetter Hauptweg 48 Fax: +49-271-771091-19 D-57072 Siegen http://www.kernelconcepts.de/
Attachment:
signature.asc
Description: This is a digitally signed message part.