[gnutls-devel] gnutls_pkcs11_add_provider() duplicate modules detection

Jan Včelák jan.vcelak at nic.cz
Fri Jul 15 11:06:44 CEST 2016


Hi.

On 15.7.2016 09:27, Nikos Mavrogiannopoulos wrote:
> I'm not sure if there is a solution to that either. You could compare
> whether the ck_info matches, but I've seen few cases of modules having
> these fields identical (e.g., one could be remoted and the other
> local). However, getting duplicate items can also happen with
> different libraries. E.g., if you register both opensc and
> opensc-onepin, as well as coolkey, you'll get objects in piv card
> listed three times.

Hm, right. I was just wondering how reliable this is expected to be.

> Why not address that in the configuration?

That is what I will have to do, probably. At the moment, our software
(Knot DNS) can be configured to use multiple private key stores. And you
can manually specify the provider for each key store. So we just call
gnutls_pkcs11_add_provider() explicitly when we need to access the keys.

Regards,

Jan
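A caller-side guard for the explicit per-key-store loading described above, as an added example that is not part of the original message, of Knot DNS or of GnuTLS: it remembers the device and inode of every module file already loaded and skips a path that resolves to the same file. The names `provider_registry`, `registry_add` and `stub_load` are hypothetical. The check only catches one module reached under several paths; distinct libraries that expose the same token, as in the opensc / opensc-onepin / coolkey case quoted above, still list objects more than once.

```c
#include <stdio.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/stat.h>

#define MAX_PROVIDERS 16

/* Hypothetical caller-side registry; not part of GnuTLS or Knot DNS. */
struct provider_registry {
    struct { dev_t dev; ino_t ino; } seen[MAX_PROVIDERS];
    size_t count;
    int (*load)(const char *path);   /* returns 0 on success */
};

/* Stand-in loader so the example runs without a PKCS #11 module. In real
 * use, point .load at a wrapper that returns
 * gnutls_pkcs11_add_provider(path, NULL). */
static int stub_loads;
static int stub_load(const char *path) { (void)path; stub_loads++; return 0; }

/* Load the module at 'path' once per underlying file.
 * Returns 1 if loaded, 0 if skipped as a duplicate, -1 on error. */
int registry_add(struct provider_registry *r, const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)            /* stat() follows symlinks */
        return -1;
    for (size_t i = 0; i < r->count; i++)
        if (r->seen[i].dev == st.st_dev && r->seen[i].ino == st.st_ino)
            return 0;                    /* same file, different spelling */
    if (r->count == MAX_PROVIDERS || r->load(path) != 0)
        return -1;
    r->seen[r->count].dev = st.st_dev;
    r->seen[r->count].ino = st.st_ino;
    r->count++;
    return 1;
}

int main(int argc, char **argv)
{
    struct provider_registry r = { .count = 0, .load = stub_load };
    for (int i = 1; i < argc; i++)
        printf("%s: %d\n", argv[i], registry_add(&r, argv[i]));
    return 0;
}
```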


