From 21b64c68e6a5ffcae50f3561f6dec6ee943a006f Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Tue, 30 Aug 2011 21:17:41 +0200
Subject: Add 'critical' setting for modules

* When a module has critical set to 'yes', and that module fails to init then it aborts the entire init process.
* Defaults to 'no'
---
 doc/p11-kit-config.xml | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
(limited to 'doc')
diff --git a/doc/p11-kit-config.xml b/doc/p11-kit-config.xml
index 89ba7e7..76b3fa2 100644
--- a/doc/p11-kit-config.xml
+++ b/doc/p11-kit-config.xml
@@ -43,6 +43,10 @@ user-config: merge
 # This setting controls the actual module library to load. This config file might
 # be installed by the package that installs this module library.
 module: /usr/lib/my-pkcs11-module.so
+
+# This controls whether the module is required to successfully initialize. If 'yes', then
+# a failure to load or initialize this module will result in a p11-kit system failure.
+critical: no
 User configuration file: ~/.pkcs11/pkcs11.conf
@@ -63,6 +67,7 @@ module: /home/user/src/custom-module/my-module.so
 # some custom non-standard initialization arguments, as NSS expects.
 module: /usr/lib/libsoftokn3.so
 x-init-reserved: configdir='sql:/home/test/.pki/nssdb' certPrefix='' keyPrefix='' secmod='socmod.db'
+critical: yes
@@ -113,8 +118,23 @@ x-init-reserved: configdir='sql:/home/test/.pki/nssdb' certPrefix='' keyPrefix=' module: - The absolute path to the PKCS#11 module to load. - This should include an extension like .so + + The absolute path to the PKCS#11 module to load. + This should include an extension like .so + If this value is blank, then the module will be ignored. + This can be used in the user configs to override loading of a module + specified in the system configuration. + + + + critical: + + Set to yes if the module is critical and + required to load. If a critical module fails to load or initialize, + then the loading process for all registered modules will abort and + return an error code. + This argument is optional and defaults to no. + -- cgit v1.1