Bug 1676

Summary: Add NSS keys support
Product: Portable OpenSSH Reporter: jchadima
Component: SmartcardAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX    
Severity: normal CC: djm, t8m
Priority: P2    
Version: 5.3p1   
Hardware: Other   
OS: Linux   
Attachments:
Description Flags
patch adding the functionality
none
new version of the patch none

Description jchadima 2009-11-28 00:54:12 AEDT 
The netscape security suite is an implementation of the crypto card framework. This patch introduces the possibility to use it with openssh.
Comment 1 jchadima 2009-11-28 00:55:31 AEDT 
Created attachment 1734 [details]
patch adding the functionality
Comment 2 Damien Miller 2009-11-28 09:20:45 AEDT 
NSS seems like a nicer API than using PKCS#11 directly, but it is still incompatibly licensed. I'd rather see alternate key providers implemented as standalone agents than patches to OpenSSH, but we might need to do some plumbing to make this usable (e.g. multiple agent support).
Comment 3 Tomas Mraz 2009-11-30 18:41:06 AEDT 
Why is it incompatibly licensed? The NSS is tri-licensed - MPL, LGPL, and GPL licensed. Both LGPL and MPL should not be incompatible with licenses that apply to OpenSSH code. Of course I'd expect that the NSS support in OpenSSH would always be compiled in only optionally.
Comment 4 jchadima 2010-02-16 00:16:25 AEDT 
Created attachment 1793 [details]
new version of the patch

This patch add library libplc4 to ld to avoid implicit dso linking
Comment 5 Damien Miller 2015-05-01 18:15:34 AEST 
OpenSSH has had PKCS#11 support for some years now, we don't need another way to get at keys on smartcards.
Comment 6 Damien Miller 2015-08-11 23:04:19 AEST 
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1