From 8fd55c8089c90b52f00e4ffad572d1b9da72e6ba Mon Sep 17 00:00:00 2001 From: Stef Walter <stefw@gnome.org> Date: Thu, 7 Mar 2013 18:53:50 +0100 Subject: p11-kit: New priority option and change trust-policy option * Sort loaded modules appropriately using the 'priority' option. This allows us to have a predictable order for callers, when callers iterate through modules. * Modules default to having an 'priority' option of '0'. * If modules have the same order value, then sort by name. * The above assumes the role of ordering trust-policy sources. * Change the trust-policy option to a boolean * Some of this code will be rearranged when the managed branch is merged. https://bugs.freedesktop.org/show_bug.cgi?id=61978 --- doc/manual/p11-kit-trust.xml | 5 +++-- doc/manual/pkcs11.conf.xml | 20 +++++++++++++++----- 2 files changed, 18 insertions(+), 7 deletions(-) (limited to 'doc/manual') diff --git a/doc/manual/p11-kit-trust.xml b/doc/manual/p11-kit-trust.xml index 06f168e..198d5db 100644 --- a/doc/manual/p11-kit-trust.xml +++ b/doc/manual/p11-kit-trust.xml @@ -107,11 +107,12 @@ $ pkg-config --variable p11_trust_paths p11-kit-1 <listitem><para>Disable loading trust policy information from this module by adding a file to <literal>/etc/pkcs11/modules</literal> called <literal>p11-kit-trust.module</literal> containing a - <literal>trust-policy:</literal> line.</para></listitem> + <literal>trust-policy: no</literal> line.</para></listitem> + <listitem><para>Disable this module completely by adding a file to <literal>/etc/pkcs11/modules</literal> called <literal>p11-kit-trust.module</literal> containing a - <literal>enable-in:</literal> line.</para></listitem> + <literal>enable-in:</literal> line (without a value).</para></listitem> </itemizedlist> </section> diff --git a/doc/manual/pkcs11.conf.xml b/doc/manual/pkcs11.conf.xml index 3146f60..5ff0863 100644 --- a/doc/manual/pkcs11.conf.xml +++ b/doc/manual/pkcs11.conf.xml @@ -128,13 +128,23 @@ x-custom : text </listitem> </varlistentry> <varlistentry> + <term><option>priority:</option></term> + <listitem> + <para>The value should be an integer. When lists of modules are + returned to a caller of p11-kit, modules with a higher number are sorted + first. When applications search modules for for certificates, keys and + trust policy information, this setting will affect what find + first.</para> + <para>This argument is optional, and defaults to zero. Modules + with the same <option>priority</option> option will be sorted + alphabetically.</para> + </listitem> + </varlistentry> + <varlistentry> <term><option>trust-policy:</option></term> <listitem> - <para>If this setting is present then this module is used to load - trust policy information such as certificate anchors and black lists. - The value should be an integer. Modules with a lower number are loaded - first. Trust policy information in modules loaded later overrides - those loaded first.</para> + <para>Set to <literal>yes</literal> to use use this module as a source + of trust policy information such as certificate anchors and black lists.</para> </listitem> </varlistentry> </variablelist> -- cgit v1.1