[PATCH] Callback for PIN prompting per PKCS#11 URI
stefw at collabora.co.uk
Thu Jul 7 19:32:38 CEST 2011
Currently in gnutls only one global callback for PIN prompting can be
registered. This causes problems with multiple libraries in the same
process using gnutls.
Attached is a patch which uses p11-kit to solve this problem in a
generic and flexible way.
p11-kit (0.2 and later) now allows registering of various callbacks for
different PKCS#11 URIs. It uses the 'pinfile' attribute of the URI to do
this. The PKCS#11 URI specification talks about application-specific
values for the 'pinfile' URI attribute. These new p11-kit APIs do exactly that.
Usage example: I'm using this to implement support for smart cards in
GLib's new TLS code.
* GLib registers a callback with p11-kit for the 'pinfile' value:
* It includes pinfile=gtls-database in the various PKCS#11 URIs it
passes to gnutls.
* gnutls sees that there's a 'pinfile' attribute, and asks p11-kit to
request the PIN, which it does by calling the callback registered.
Incidentally, I think the name of 'pinfile' in the PKCS#11 URI spec
should be changed to 'pin' but that's a separate issue.
This patch is also available as a branch:
Let me know if something looks amiss. This patch makes no ABI changes to
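The dispatch described in the message above, sketched as an added example; it is not code from the patch, p11-kit or gnutls. All function names are hypothetical, and the model assumes ';'-separated URI attributes with no percent-decoding.

```c
/* Added illustration: per-'pinfile' PIN callback dispatch. All names here are
 * hypothetical; this is a model, not the p11-kit or gnutls API. */
#include <stdio.h>
#include <string.h>

typedef int (*pin_cb)(const char *uri, char *pin, size_t len, void *data);
static struct { char source[64]; pin_cb cb; void *data; } registry[8];
static size_t n_entries;
/* Each library registers a callback under its own 'pinfile' value. */
int pin_register(const char *source, pin_cb cb, void *data) {
    if (n_entries == 8 || strlen(source) >= sizeof registry[0].source) return -1;
    strcpy(registry[n_entries].source, source);
    registry[n_entries].cb = cb;
    registry[n_entries++].data = data;
    return 0;
}
/* Copy the 'pinfile' attribute value out of a ';'-separated PKCS#11 URI. */
int uri_pinfile(const char *uri, char *out, size_t out_len) {
    if (strncmp(uri, "pkcs11:", 7) != 0) return -1;
    for (const char *p = uri + 7; *p; ) {
        size_t n = strcspn(p, ";");
        if (n > 8 && strncmp(p, "pinfile=", 8) == 0) {
            if (n - 8 >= out_len) return -1;   /* value too long: reject */
            memcpy(out, p + 8, n - 8);
            out[n - 8] = '\0';
            return 0;
        }
        p += n + (p[n] == ';');                /* skip to the next attribute */
    }
    return -1;                                 /* no pinfile attribute */
}
/* Route the PIN request to the callback registered for the URI's value. */
int pin_request(const char *uri, char *pin, size_t len) {
    char source[64];
    if (uri_pinfile(uri, source, sizeof source) != 0) return -1;
    for (size_t i = 0; i < n_entries; i++)
        if (strcmp(registry[i].source, source) == 0)
            return registry[i].cb(uri, pin, len, registry[i].data);
    return -1;   /* unknown value: fail closed, never use another prompt */
}
/* Constructed stand-in for a library's prompt: returns the PIN in 'data'. */
int demo_prompt(const char *uri, char *pin, size_t len, void *data) {
    (void)uri;
    return snprintf(pin, len, "%s", (const char *)data) < (int)len ? 0 : -1;
}
int main(void) {
    char secret[] = "1234", pin[32];           /* constructed sample PIN */
    pin_register("gtls-database", demo_prompt, secret);
    return pin_request("pkcs11:token=demo;pinfile=gtls-database", pin, sizeof pin);
}
```

A URI whose 'pinfile' value has no registered callback is refused rather than handed to some other library's prompt, which is the isolation property the per-URI design is meant to give.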