[gnutls-dev] GnuTLS PKCS#11 Engine

Alon Bar-Lev alon.barlev at gmail.com
Mon May 14 16:20:25 CEST 2007


Hello Marcus,

The sequence is as follows:
1. Application calls C_Initialize() of some providers.
2. Application calls fork().
3. Application must call C_Initialize() in the child, as the spec
instructs, so the child environment will be complete.
4. Application wishes to do something else in this child, so it calls C_Finalize().
5. Parent can access PKCS#11 token.
6. Child does not.

In your case you fork, so automatically you get C_Initialize(),
C_Finalize() at the child, and it seems that somehow it makes the parent
stop working?

Best Regards,
Alon Bar-Lev.

On 5/14/07, Marcus Brinkmann <marcus.brinkmann at ruhr-uni-bochum.de> wrote:
> At Mon, 14 May 2007 14:28:54 +0300,
> "Alon Bar-Lev" <alon.barlev at gmail.com> wrote:
> >
> > On 5/14/07, Simon Josefsson <simon at josefsson.org> wrote:
> > > I suppose this is just PKCS#11 internal stuff, and I hope you will solve
> > > it.  If I can assist in testing anything, let me know.
> >
> > This is a Scute problem, I cannot solve this... I CCed Marcus, I hope he
> > will be able to solve it.
>
> I am happy to help, but I need to know with what.  I am not subscribed
> to gnutls, please forward me the relevant details.
>
> From the followup mail I was CC'ed I guess it is related to threading
> and Scute's use of fork().  I realize that it could be a problem (also
> I would still like to know the particular details that bother you).
> Unfortunately, we can not limit ourselves to the gpg-agent interface,
> because we need the certificates, and those are in gpgsm's database,
> and not accessed by gpg-agent.
>
> Another idea: If gpgsm were to run as a server on a named pipe, it
> could have a call-agent passthrough interface for the gpg-agent stuff
> (similar to SCD command in gpg-agent), and then we could do everything
> over a socket.  However, we are not quite there yet to fully support
> such a model of operation, so that's more of a long-term option.
>
> Enough guessing, let's hear you now :)
>
> Thanks,
> Marcus
>
>
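
Added example, not part of the original message and not code from Scute, GnuTLS or any PKCS#11 provider: a constructed C model of the six-step sequence listed above, in which a mock library tracks initialization per process ID so that the child's C_Initialize()/C_Finalize() leave the parent usable. The mock_* functions and run_fork_sequence() are hypothetical; only the CKR_* return-code values come from PKCS#11.

```c
#include <sys/wait.h>
#include <unistd.h>

/* Real PKCS#11 return codes; every mock_* function is a constructed stand-in. */
#define CKR_OK 0x000UL
#define CKR_CRYPTOKI_NOT_INITIALIZED 0x190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x191UL

static pid_t init_pid = 0; /* PID that called C_Initialize; 0 means none */
/* State copied by fork() belongs to the parent, so the child treats it as absent. */
static int initialized_here(void) { return init_pid != 0 && init_pid == getpid(); }

unsigned long mock_C_Initialize(void) {
    if (initialized_here()) return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    init_pid = getpid();
    return CKR_OK;
}

unsigned long mock_C_Finalize(void) {
    if (!initialized_here()) return CKR_CRYPTOKI_NOT_INITIALIZED;
    init_pid = 0;
    return CKR_OK;
}

/* Stand-in for any call that needs an initialized library. */
unsigned long mock_token_op(void) { return initialized_here() ? CKR_OK : CKR_CRYPTOKI_NOT_INITIALIZED; }

/* Runs steps 1-6; bit 0: parent still works, bit 1: child behaved as listed. */
int run_fork_sequence(void) {
    int result = 0, status = 0;
    if (mock_C_Initialize() != CKR_OK) return -1;                 /* step 1 */
    pid_t pid = fork();                                           /* step 2 */
    if (pid < 0) return -1;
    if (pid == 0) {
        int ok = mock_token_op() == CKR_CRYPTOKI_NOT_INITIALIZED  /* before step 3 */
              && mock_C_Initialize() == CKR_OK                    /* step 3 */
              && mock_token_op() == CKR_OK
              && mock_C_Finalize() == CKR_OK                      /* step 4 */
              && mock_token_op() == CKR_CRYPTOKI_NOT_INITIALIZED; /* step 6 */
        _exit(ok ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) result |= 2;
    if (mock_token_op() == CKR_OK) result |= 1;                   /* step 5 */
    mock_C_Finalize();
    return result;
}

int main(void) { return run_fork_sequence() == 3 ? 0 : 1; }
```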
