On 2010/03/02 19:18, Jan Pechanec wrote: > On Tue, 2 Mar 2010, Vladimir Kotal wrote: > >>> I should have said before: I am using the patch. Right now I am testing on >>> Solaris 10 (not OpenSolaris), but it will eventually be used on Linux, I >>> think. >> >> Using custom OpenSSL libraries on (Open)Solaris is definitely not supported >> by >> Sun/Oracle so I will only respond to generic issues. >> >> As for the support of the patch itself I will let Jan to answer this one. > > we do not support the patch. We gave it out in hope it would be > useful but with no intent to support it.
I know. Thank you guys for taking the time to answer my questions. > > I agree. CK_C_INITIALIZE_ARGS are optional and by not providing > them we just say nothing about threads. And since we know that the CF is > thread safe, it's OK for us. It's good to note that the patch was > generated using code from OpenSolaris, no other changes were made. It works in Solaris, but since the spec says otherwise, it might not work with other PKCS#11 libraries (I have at least one such case). See my previous reply. > > I should probably put a note to README.pkcs11 about this if > there is going to be a new version. That would be helpful. > >>> Well, destroying the private key is hardly the way to prevent memory leaks. >>> If, say, it were a smart card, with keys generated on the card, calling >>> C_DestroyObject will the destroy the only copy of the key on the card. And >>> that >>> is not good... >> >> But for non-token objects it does matter very much :) The key-by-ref project >> addresses this issue. > > exactly. > I don't get how key-by-ref addresses this. See my previous reply.
