| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
|
|
| |
* These can be used to load certain modules in certain
programs, or prevent loading in others.
* Useful for a key manager like seahorse, so we can load
extra modules (think NSS) that other modules shouldn't
load.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* First of all one should only call async-signal-safe functions
from the callbacks of pthread_atfork(), and so we cannot
reinitialize directly.
* Some modules use pthread_atfork() to detect forking and setup
their internal state. If we call into them in our pthread_atfork()
callback then this is inherently racy.
* There was danger of endless loops and deadlocks which are caused
by handlers which fork in their C_Initialize
* Many processes do fork/exec, reinitializing PKCS#11 for these
forks is quite resourc intensive when the child process won't use
PKCS#11 at all.
|
|
|
|
|
| |
* See previous commit
* Initialize library before debug statements
|
|
|
|
|
|
|
| |
* Work around issues with brain-dead linkers not respecting
the libtool -export-symbol-regex argument
https://bugs.freedesktop.org/show_bug.cgi?id=42020
|
|
|
|
|
|
|
|
| |
* Tests do not all yet pass, at least not on wine
* Added abstraction of some non-portable functions in compat.h/c
* Build with an argument like this for win32 support:
./autogen.sh --host=i586-mingw32msvc
* This win32 port needs more work from interested parties
|
|
|
|
|
|
|
|
| |
* Do not concurretnly call C_Initialize or C_Finalize in a module
* The PKCS#11 spec indicates that mone thread should call those functions.
* It's reasonable for a module to expect to only be initialized or
finalized in one thread.
* In particular NSS does not lock its C_Initialize or C_Finalize.
|
| |
|
|
|
|
|
|
| |
* Fixes build on GNU/Hurd
https://bugs.freedesktop.org/show_bug.cgi?id=41303
|
|
|
|
| |
https://bugs.freedesktop.org/show_bug.cgi?id=40923
|
|
|
|
|
|
|
| |
So far we have only supported full paths to the pkcs11 modules in config
files. This change adds relative path support, so that for modules
installed under the standard $libdir/pkcs11, the config file won't have
to spell out the full path.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Renamed them to reduce ambiguity and to pave the way for exposing
some additional parameters.
p11_system_modules -> p11_system_config_modules
p11_user_modules -> p11_user_config_modules
configure --with-pkcs11-dir
=>
configure --with-system-config
|
| |
|
|
|
|
|
|
| |
* When a module has critical set to 'yes', and that module fails to init
then it aborts the entire init process.
* Defaults to 'no'
|
|
|
|
|
|
|
| |
* If a module forks during its C_Initialize, previously our
fork handler would try to initialize it again, ad nauseum.
Reported by Nikos on the mailing list.
|
|
|
|
|
|
|
| |
* More checks for out of memory.
* Take more of the same code paths when initializing a single
module as when initializing registered, or loading from file.
* Cleanup halfway initialized globals if fail during init.
|
|
|
|
|
|
| |
* Duplicate modules may be caused by editor backups, misconfigurations
or a multitude of other sources. Failing dead is a bit harsh.
* After discussing gnutls needs with Nikos
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* Reimplement the various bits of the hash table that were
still based on the apache apr code. Use different algorithms
for hashing, lookup and other stuff.
* Use this as an opportunity to cleanup that code and make
it more legible.
https://bugzilla.redhat.com/show_bug.cgi?id=725905
|
|
|
|
| |
Thanks to Richard Bellgrim.
|
| |
|
|
|
|
| |
* Add p11_kit_message() function to get last message.
|
|
|
|
|
| |
* Move configuration loading into conf.c
* Have user modules with same name merge/override modules in system.
|
|
|
|
| |
* Just skip loading these.
|
| |
|
| |
|
|
|
|
|
| |
* This function will load a module from a file path, and then
initialize it.
|
| |
|
|
* Install headers to ${prefix}/include/p11-kit-1/p11-kit/
* This solves problems with other projects that have their own
pkcs11.h files.
* Change the pkg-config file name to p11-kit-1.pc
* Change the source file names.
|