[gnutls-devel] gnutls_pkcs11_add_provider() duplicate modules detection

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Jul 15 09:27:13 CEST 2016


On Thu, Jul 14, 2016 at 5:28 PM, Jan Včelák <jan.vcelak at nic.cz> wrote:
> Hey,
> I just found out that gnutls_pkcs11_add_provider() doesn't detect
> duplicate modules to be loaded, although the code indicates that some
> duplicate detection happens. As a result, when a module is loaded
> multiple times, the gnutls_pkcs11_obj_list_import_url4() function
> retrieves objects as many times as the module is loaded.
>
> Internally, the module address returned by p11_kit_module_load() is
> checked against a list of already present modules. It doesn't work. (It
> seems to work with P11_KIT_MODULE_UNMANAGED though).
> I'm not sure how to fix this correctly. Any ideas?

I'm not sure if there is a solution to that either. You could compare
whether the ck_info matches, but I've seen few cases of modules having
these fields identical (e.g., one could be remoted and the other
local). However, getting duplicate items can also happen with
different libraries. E.g., if you register both opensc and
opensc-onepin, as well as coolkey, you'll get objects in PIV card
listed three times.

Why not address that in the configuration?

regards,
Nikos
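
The two duplicate checks discussed in this thread, as an added example that is not part of the original messages and is not GnuTLS or p11-kit code. `struct mod_info` is a hypothetical stand-in for the identifying CK_INFO fields; all names and sample values are constructed, and the second load is assumed to come back at a new address, as the report describes.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the identifying fields of PKCS#11 CK_INFO
 * (fixed width, space-padded, no NUL terminator). */
struct mod_info {
    unsigned char manufacturer[32], description[32];
    unsigned char ver_major, ver_minor;
};
struct provider { const void *handle; struct mod_info info; };

static struct provider mk(const void *h, const char *manuf, const char *desc,
                          unsigned char maj, unsigned char min)
{
    struct provider p = { h, { {0}, {0}, maj, min } };
    memset(p.info.manufacturer, ' ', 32);
    memset(p.info.description, ' ', 32);
    memcpy(p.info.manufacturer, manuf, strlen(manuf) < 32 ? strlen(manuf) : 32);
    memcpy(p.info.description, desc, strlen(desc) < 32 ? strlen(desc) : 32);
    return p;
}

/* Check 1: identity of the address handed back by the loader. */
static int by_handle(const struct provider *a, const struct provider *b)
{
    return a->handle == b->handle;
}

/* Check 2: equality of the module's self-reported info fields. */
static int by_info(const struct provider *a, const struct provider *b)
{
    return memcmp(a->info.manufacturer, b->info.manufacturer, 32) == 0 &&
           memcmp(a->info.description, b->info.description, 32) == 0 &&
           a->info.ver_major == b->info.ver_major &&
           a->info.ver_minor == b->info.ver_minor;
}

/* Index of the first registered provider that cmp() treats as p, or -1. */
static int find_dup(const struct provider *reg, int n, const struct provider *p,
                    int (*cmp)(const struct provider *, const struct provider *))
{
    for (int i = 0; i < n; i++)
        if (cmp(&reg[i], p)) return i;
    return -1;
}

static int h_first, h_again, h_remote, h_other; /* constructed handle addresses */

int main(void)
{
    struct provider reg[1] = { mk(&h_first, "Example Corp", "Example token module", 1, 0) };
    struct provider again  = mk(&h_again,  "Example Corp", "Example token module", 1, 0);
    struct provider remote = mk(&h_remote, "Example Corp", "Example token module", 1, 0);
    struct provider other  = mk(&h_other,  "Other Vendor", "Other module", 2, 3);
    printf("second load:  by_handle=%d by_info=%d\n",
           find_dup(reg, 1, &again, by_handle), find_dup(reg, 1, &again, by_info));
    printf("remoted twin: by_info=%d\n", find_dup(reg, 1, &remote, by_info));
    printf("unrelated:    by_info=%d\n", find_dup(reg, 1, &other, by_info));
    return 0;
}
```

The handle check misses the second load (-1), while the info check flags both the second load and the distinct remoted module as index 0; the two are indistinguishable by these fields, which is the limitation raised in the reply.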


