Next: , Previous: , Up: Smart cards and HSMs   [Contents][Index]

5.3.2 Manual initialization of user-specific modules

In systems where one cannot rely on a globally available p11-kit configuration to be available, it is still possible to utilize PKCS #11 objects. That can be done by loading directly the PKCS #11 shared module in the application using gnutls_pkcs11_add_provider, after having called gnutls_pkcs11_init specifying the GNUTLS_PKCS11_FLAG_MANUAL flag.

Function: int gnutls_pkcs11_add_provider (const char * name, const char * params)

name: The filename of the module

params: should be NULL or a known string (see description)

This function will load and add a PKCS 11 module to the module list used in gnutls. After this function is called the module will be used for PKCS 11 operations.

When loading a module to be used for certificate verification, use the string ’trusted’ as params .

Note that this function is not thread safe.

Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

Since: 2.12.0

In that case, the application will only have access to the modules explicitly loaded. If the GNUTLS_PKCS11_FLAG_MANUAL flag is specified and no calls to gnutls_pkcs11_add_provider are made, then the PKCS #11 functionality is effectively disabled.

Function: int gnutls_pkcs11_init (unsigned int flags, const char * deprecated_config_file)

flags: An ORed sequence of GNUTLS_PKCS11_FLAG_ *

deprecated_config_file: either NULL or the location of a deprecated configuration file

This function will initialize the PKCS 11 subsystem in gnutls. It will read configuration files if GNUTLS_PKCS11_FLAG_AUTO is used or allow you to independently load PKCS 11 modules using gnutls_pkcs11_add_provider() if GNUTLS_PKCS11_FLAG_MANUAL is specified.

You don’t need to call this function since GnuTLS 3.3.0 because it is being called during the first request PKCS 11 operation. That call will assume the GNUTLS_PKCS11_FLAG_AUTO flag. If another flags are required then it must be called independently prior to any PKCS 11 operation.

Returns: On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

Since: 2.12.0

Next: , Previous: , Up: Smart cards and HSMs   [Contents][Index]