Fwd: LP#929108 support reading PIN from file when using PKCS#11 devices

Stef Walter stefw at gnome.org
Mon Apr 16 18:02:52 CEST 2012

On 2012-04-15 20:42, Nikos Mavrogiannopoulos wrote:
> Hello Stef,
>  I see the patch and I think it is based on a misunderstanding of what
> pinfile is (or was). However, I'm not sure how the "pin" field is used
> in p11-kit. Is there a way for someone to specify a pin in a file?

p11-kit has functions to coordinate use of the pin-source (which used to
be called the pinfile) of a uri.

Applications or libraries that wish to 'provide' a PIN can install
handlers for different values of pin-source. Gnutls (or other consumers
of PINs) then call p11_kit_pin_request(), which will redirect to the
correct pin-source handler.

By default no pin-source handlers are installed. By adding the following
default handler, p11-kit will default to treating pin-source (or pinfile)
as actual files. It will handle invocations of p11_kit_pin_request() by
reading actual files:

  p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK,
                                 p11_kit_pin_file_callback,
                                 NULL, NULL);

It's up to you if you want this as default behavior for gnutls. It may
make sense.

The patch adds that line so I guess that's the real meat of the
suggested change.

I'm not sure what p11-kit regression David is referring to that broke
this. Andreas if you have more info, let me know. I'd be happy to fix it
if possible.

The rest of the patch (outside of the call to
p11_kit_pin_register_callback()) seems to be about cosmetics and logging.
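
Added example, not part of the original message and not p11-kit or gnutls code: a simplified, self-contained C model of the pin-source dispatch described above, with a fallback handler that reads the PIN from a file. The names pin_register, pin_request, pin_file_cb and PIN_FALLBACK, the lookup order, and the permission and length checks in the file handler are assumptions of this model.

```c
/* Simplified model of pin-source dispatch; not p11-kit's own code. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PIN_FALLBACK ""   /* hypothetical stand-in for P11_KIT_PIN_FALLBACK */
#define MAX_HANDLERS 8
typedef int (*pin_cb)(const char *pin_source, char *pin, size_t len);
static struct { const char *source; pin_cb cb; } handlers[MAX_HANDLERS];
static int n_handlers;    /* zero: no handlers installed by default */

int pin_register(const char *source, pin_cb cb) {
    if (n_handlers == MAX_HANDLERS) return -1;
    handlers[n_handlers].source = source;
    handlers[n_handlers++].cb = cb;
    return 0;
}

/* Fallback handler: treat pin_source as a path and read the PIN from it. */
int pin_file_cb(const char *pin_source, char *pin, size_t len) {
    struct stat st;
    ssize_t n = -1;
    int fd = open(pin_source, O_RDONLY);
    if (fd < 0) return -1;
    /* Added hardening (assumption): regular file, no group/other access. */
    if (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && !(st.st_mode & 077))
        n = read(fd, pin, len);
    close(fd);
    if (n <= 0 || (size_t)n == len) return -1;  /* error, empty or too long */
    pin[n] = '\0';
    pin[strcspn(pin, "\r\n")] = '\0';           /* drop trailing newline */
    return pin[0] ? 0 : -1;
}

/* Use handlers registered for this exact pin-source; if there are none,
 * use the fallback handlers. Newest registration is tried first. */
int pin_request(const char *pin_source, char *pin, size_t len) {
    const char *key = PIN_FALLBACK;
    for (int i = 0; i < n_handlers; i++)
        if (!strcmp(handlers[i].source, pin_source)) key = pin_source;
    for (int i = n_handlers - 1; i >= 0; i--)
        if (!strcmp(handlers[i].source, key) &&
            handlers[i].cb(pin_source, pin, len) == 0) return 0;
    return -1;                                  /* nobody supplied a PIN */
}

int main(int argc, char **argv) {
    char pin[64];
    pin_register(PIN_FALLBACK, pin_file_cb);
    return pin_request(argc > 1 ? argv[1] : "pin.txt", pin, sizeof pin) ? 1 : 0;
}
```

In this model a PIN file that is readable by group or others is refused, as is one whose contents do not fit the caller's buffer.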
