On Wed, Aug 22, 2012 at 09:27:14AM +0200, Marc Wäckerlin wrote:
> Hi
>
> I got a proprietary PKCS#11 library (for Post SuisseID smartcard) in
> /usr/lib/libcvP11.so.
>
> There is a configuration option «ssl-pkcs11-provider» in ~/.subversion/servers.
>
> But it is absolutely undocumented what this option is, even google doesn't find
> anything useful. The only documentation is: «Name of PKCS#11 provider to use».
>
> How is the «Name of PKCS#11 provider» defined? It is *not* the name of the
> PKCS#11 library, so what is it?
> Everytthing I tried results in «unable to load PKCS#11 provider», e.g.:
>
> user_at_host:~/svn/project$ LANG= svn up
> svn: Invalid config: unable to load PKCS#11 provider '/usr/lib/libcvP11.so'
> user_at_host:~/svn/project$ ls -l /usr/lib/libcvP11.so
> -rwxr-xr-x 1 root root 5279688 Jul 6 14:30 /usr/lib/libcvP11.so
If you have neon built with pakchois support, it will try to load
"libFOO.so" or "FOO.so" for "ssl-pkcs11-provider = FOO", walking a
directory path which is by default /usr/lib/pkcs11 : /usr/lib.
So "ssl-pkcs11-provider = cvP11" should work for that PKCS#11 module.
This code has tested with a few software tokens and some hardware tokens
using OpenSC, but if there are problems with your token let me know.
Regards, Joe
Received on 2012-08-30 14:48:26 CEST