10) src/nss/tokens.c
Thanks for long explanations! I think I understand your point but I am just not sure that the way it is done right now is generic enough :) For example, it is still one and only one "best slot" for a given algorithm for the whole application. I can see a situation when one would need to do encryption on *different* slots (for example, for performance reasons different threads run crypto operation on different slots).
Anyway, I have another proposal. How about replacing NSS GetBestSlot() function with xmlSecNss one. By default, xmlsec will simply call NSS version but application would be able to replace this callback with anything it wants. In your case, you'll have some custom function that would use the tokens list you have right now. In the case I described above, it might be a simple function that provides a static mapping between threads and slots.
On your side, the only change would be to move the tokens list code out of xmlsec to the application layer (and may be you can rewrite it using better data structures like map or hash than a plain list used now).
How does it sounds to you?
Aleksey
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
