On Mon, 2016-06-20 at 15:50 +0200, Lubomir Rintel wrote: > > We're able to spawn a remoting agent in the user session and pass the > open file descriptor to the daemons, but there doesn't seem to be a way > to make the p11-kit or p11-kit-proxy users use that file handle. I've > got it working by passing the file descriptor number via an environment > variable [1] [2]; but perhaps there's a better way? > > [1] https://github.com/NetworkManager/p11-kit/commit/e92db917.patch > [2] https://github.com/NetworkManager/p11-kit/commit/fcb5a24.patch
Hm, at first glance I was going to suggest that it might be nicer to avoid the config and environment bits, and just add a new function p11_kit_load_remote_module_by_fd(). I'm not entirely sure how we make that work overall though, if you're only really using GnuTLS and not otherwise talking directly to p11-kit. And if you're using p11-kit-proxy.so through NSS or OpenSSL's engine_pkcs11 then you're another step removed from p11-kit. But still I *really* don't like the P11_REMOTE_FD environment variable, and EVEN having equivalent behaviour with a global variable set by a 'p11_kit_set_remote_fd()' would seem nicer than that. -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ p11-glue mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/p11-glue
