Using p11-kit for PKCS#11 support
Stef Walter
stefw at collabora.co.uk
Tue Jun 7 19:36:56 CEST 2011

p11-kit is a library that loads and coordinates access to modules. The
two selling points of the library are:

 * Allows multiple consumers of a PKCS#11 module within the same process
   to coordinate access to that module. Without such a coordinator
   the various consumers will finalize modules out from under one
   another. [1]
 * Provides a solid configuration system for which PKCS#11 modules to
   load and initialize [2].

Of course there are other features too:

 * A solid reference implementation of the PKCS#11 URI spec.
 * Fixes forking problems, and eases loading of the modules.
 * Saves lots of code in gnutls.

The attached patch ports gnutls to p11-kit. It's actually a combined set
of patches, and these are available in branch form:

http://cgit.collabora.com/git/user/stefw/gnutls.git/log/?h=p11-kit

p11-kit is added as a dependency. p11-kit itself has no dependencies
outside of basic libc stuff. The source code for p11-kit is available
both in git and tarball form. [3]

If the gnutls dependency on p11-kit is disabled (via a configure option)
then the PKCS#11 support is disabled. This is useful in bare bones
embedded systems or places where very minimal dependencies are limited.

I'm working on integrating gnutls and PKCS#11 support into GLib. This
patch is a prerequisite for that, so I'm looking forward to any feedback
that would help get this change into gnutls.

Cheers,

Stef

[1] http://p11-glue.freedesktop.org/doc/p11-kit/sharing.html
[2] http://p11-glue.freedesktop.org/doc/p11-kit/config.html
[3] http://p11-glue.freedesktop.org/p11-kit.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pkcs11-using-p11-kit.patch
Type: text/x-patch
Size: 274227 bytes
Desc: not available
URL: </pipermail/attachments/20110607/822f486a/attachment.bin>
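
Added example, not part of the original message and not gnutls or p11-kit code: a self-contained C model of the sharing problem described in the first bullet above, where one consumer finalizes a module another consumer is still using, next to a reference-counting coordinator that avoids it. The mock_* and coord_* names are hypothetical; only the CKR_* values come from the PKCS#11 specification.

```c
/* Added illustration. mock_* and coord_* are hypothetical names, not p11-kit API. */
#include <stdio.h>
/* Return codes from the PKCS#11 specification. */
#define CKR_OK                            0x000UL
#define CKR_CRYPTOKI_NOT_INITIALIZED      0x190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED  0x191UL

static int mock_initialized;     /* module state is process-wide */
static unsigned int coord_refs;  /* consumers currently holding the module */

static unsigned long mock_C_Initialize(void) {
    if (mock_initialized) return CKR_CRYPTOKI_ALREADY_INITIALIZED;
    mock_initialized = 1;
    return CKR_OK;
}
static unsigned long mock_C_Finalize(void) {
    if (!mock_initialized) return CKR_CRYPTOKI_NOT_INITIALIZED;
    mock_initialized = 0;
    return CKR_OK;
}
static unsigned long mock_C_GetInfo(void) {  /* stands in for any later call */
    return mock_initialized ? CKR_OK : CKR_CRYPTOKI_NOT_INITIALIZED;
}
/* Coordinator: only the first initialize and the last finalize reach the module. */
static unsigned long coord_initialize(void) {
    unsigned long rv = (coord_refs == 0) ? mock_C_Initialize() : CKR_OK;
    if (rv == CKR_OK) coord_refs++;
    return rv;
}
static unsigned long coord_finalize(void) {
    if (coord_refs == 0) return CKR_CRYPTOKI_NOT_INITIALIZED;
    return (--coord_refs == 0) ? mock_C_Finalize() : CKR_OK;
}
/* Consumers A and B share one process; each returns what B sees once A is done. */
unsigned long run_uncoordinated(void) {
    mock_initialized = 0;
    mock_C_Initialize();       /* A initializes */
    mock_C_Initialize();       /* B gets ALREADY_INITIALIZED and carries on */
    mock_C_Finalize();         /* A is done and finalizes */
    return mock_C_GetInfo();   /* B: module finalized underneath it */
}
unsigned long run_coordinated(void) {
    mock_initialized = 0; coord_refs = 0;
    coord_initialize();        /* A: refs 0 -> 1, module initialized */
    coord_initialize();        /* B: refs 1 -> 2, module untouched */
    coord_finalize();          /* A: refs 2 -> 1, module stays up */
    return mock_C_GetInfo();   /* B: still CKR_OK */
}
int main(void) {
    printf("uncoordinated: B sees 0x%lx\n", run_uncoordinated());
    printf("coordinated:   B sees 0x%lx\n", run_coordinated());
    return 0;
}
```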