Our build system uses pcsc-lite-1.5.5, which was released 2009-07-28. That's almost 7 years old. Even Debian uses a more modern version: 1.8.4, from 2012. Apparently we are only using the header files, but even so, IMHO it's not a good thing to build with header files which are very different from the runtime system. Another problem is that we will not detect when our code does not build with more modern versions. This affects the case of building, say, the ThinLinc client outside cenbuild, but also upstream projects such as rdesktop. If we do not want to / cannot upgrade to the latest version (which is 1.8.16, released 2016-03-20), we can probably use something that's at least a little bit less ancient.
Created attachment 904 [details] Patch to build pcsctun with both old and new versions of pcsc-lite
Doing this now together with bug 7764 do get rid of some hacks in OpenSC.
Seems to work well. Tested a signature operation using pkcs15-tool with an Ubuntu 20.04 server. Clients were Fedora 34, macOS 11 and Windows 10. The card was a MyEID 4.5.5 card with a 4096 bit key.
From an inspection of the changes made to the relevant PCSC-lite headers, the ABI seem to have remained stable between 1.5.5 (earlier version) and 1.9.2 (new version). Since we only use the header-defined data-structures and do not link with PCSC-lite, this stability is sufficient. I tested signing (with pkcs15-tool) and verifying files using the Inera card (with a 2048 bit key) with the armhf Jenkins client build #2205 running on Ubuntu 13.10 (with PCSC-lite 1.8.6) without any issues. This was done against a Ubuntu 20.04 server. Looks good!
