On Tue, May 12, 2015 9:44 am, Peter Bowen wrote: > How about an even simpler solution? Don't have p11-kit load the > PKCS#11 modules, just provide a list of paths and let the application > pass those to NSS. That way the application can choose to > transparently load modules without user interaction, offer a UI option > for "load system modules", or provide a pick list of module to load.
Right, that's known as an NSS Module DB (and is in fact what the pkcs11.txt parser is) The shared library reports back the supported modules and configuration flags, and then NSS loads and initializes them as if they were first-class modules. http://mxr.mozilla.org/nss/source/lib/sysinit/nsssysinit.c is an example of this. [Yes, it relies on a non-standard extension to PKCS#11's C_Initialize; caveat emptor] -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
