It is so hard to make you all understand myself because of my poor English. :-)
My poor English skill! Great, you understand me now. :-)
Well, your English is good enough for me :) I think I understood what you want
from the beginning.
By now, you should have asked several times, "why Pk11SlotList". Some reason are:
1. NSS provides a set of functions to manage PK11SlotList;
2. User can dynamicly adjust PK11SlotList directly instead of call xmlSec functions, and which is safe also because xmlSec only get and reference the slot handler;
3. xmlSec care less just to find the suitable slot from the list.
The question I have is: suppose you have to slots A and B that both support
RSA encryption and DSA signatures. And your application wants to use
slot A for RSA encryption and slot B for DSA signatures. I understand
how you can do it with my proposal when application explicitly maps
algorithm to the slot. I am not sure I understand how you can do it with
"Pk11SlotList" inteface you suggest: both slots needs to be in the
list, the GetSlot functions loops thru the list and always selects the first one.
I see no difference from original GetBestSlot().
It is not the best one, it is the suitable one. So I like the name "xmlSecNssSlotInit". :-P
Sure, I don't care :)
int xmlSecNssBestSlotAdopt(CK_MECHANISM_TYPE alg, PK11SlotInfo* slot) :
Sets "slot" to be used for "alg" (global inside xmlsec).
No. Which result in complex lines because there are so many crypto mechanism,
and which also result in a table that must be maintained internally by xmlSec,
it is in-flexible. This is another reason why use PK11SlotList.
See example above.
I don't think so( fallback to PK11_getBestSlot(): I understand this is "if no slot in the slot
list meet the require( mechanism ), call this function", right?). If a PK11Slot list specified,
it means only those slot in the list are available, while "GetBestSlot" will search all active
slots; if not slot list initialized, it means user do not care which slot selected, we can call
"GetBestSlot".
Well, it's a difference in our proposals :) In my case, I want to let user only map algorithms
he cares about and let GetBestSlot() do the rest :) But you are right, in case of "list" type API
you suggest it's probably not necessary.
Aleksey
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
