On Tue, 2016-06-21 at 17:00 +0100, David Woodhouse wrote:
> On Tue, 2016-06-21 at 15:01 +0200, Nikos Mavrogiannopoulos wrote:
> >
> > This may not be workable. p11-kit does only the parsing of the URL but
> > does not pass info to the underlying module or so. Thus even if it
> > could see v-remote-fd=5, I don't think it could do anything useful with
> > it (except of course setting an environment variable).
>
> Or calling a p11_kit_remote_module_from_fd() function.
>
> > For module-path, the story is the same, but in that case applications
> > and libs that use it (such as gnutls) most likely will support it
> > directly once p11-kit can parse it.
>
> It could be largely parallel, surely? If we can teach GnuTLS to see the
> module-path attribute and call p11_kit_module_load() and use the
> resulting module, then we can also teach it to do the same for a
> remote-fd. The only real difference is that it's calling a different
> p11-kit function.

On second view we may not need any gnutls changes for module-path. If
that module is already initialized (e.g., already registered via
p11-kit), then only p11_kit_uri_match_module_info() needs to consider that
information.

For remote-fd, it would require changes to every application using
p11-kit (engine_pkcs11, etc). I don't see how it could work without
hard-coding it to every application.

regards,
Nikos

_______________________________________________
p11-glue mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/p11-glue
