Hi,

On Jun 12, 2009, at 4:04 PM, Kamil Dudka wrote:
> If I understand it enough, you want to replace call of
> nss_Init_Tokens()
> with call of PK11_SetPasswordFunc() completely? I'll try it with the
> NSS
> database and PEM cert/key. If it works, then it should be ok. Since
> I have
> no HW token, I let you play with that. Thanks in advance!

Kind of. Replacing the pre-login with having NSS dealing with it at
the actual request time instead and pass the password along as the
socket pin arg is what I want to do.

There are several advantages to this approach - a) failures are
limited to our cert, b) the curl nss code will be a bit simplier and
c) startup time will be slightly faster.

However we do as Rob says in his email miss the upfront failure.

I'll try write a patch during the weekend.

/claes
Received on 2009-06-12