5.3.6 Low Level Access

When it is needed to use PKCS#11 functionality which is not wrapped by GnuTLS, it is possible to extract the PKCS#11 session, object or token pointers. That allows an application to still access the low-level functionality, while at the same time take advantage of the URI addressing scheme supported by GnuTLS.

Function: int gnutls_pkcs11_token_get_ptr (const char * url, void ** ptr, unsigned long * slot_id, unsigned int flags)

url: should contain a PKCS11 URL identifying a token

ptr: will contain the CK_FUNCTION_LIST_PTR pointer

slot_id: will contain the slot_id (may be NULL )

flags: should be zero

This function will return the function pointer of the specified token by the URL. The returned pointers are valid until gnutls is deinitialized, c.f. _global_deinit() .

Returns: GNUTLS_E_SUCCESS (0) on success or a negative error code on error.

Since: 3.6.3

Function: int gnutls_pkcs11_obj_get_ptr (gnutls_pkcs11_obj_t obj, void ** ptr, void ** session, void ** ohandle, unsigned long * slot_id, unsigned int flags)

obj: should contain a gnutls_pkcs11_obj_t type

ptr: will contain the CK_FUNCTION_LIST_PTR pointer (may be NULL )

session: will contain the CK_SESSION_HANDLE of the object

ohandle: will contain the CK_OBJECT_HANDLE of the object

slot_id: the identifier of the slot (may be NULL )

flags: Or sequence of GNUTLS_PKCS11_OBJ_* flags

Obtains the PKCS11 session handles of an object. session and ohandle must be deinitialized by the caller. The returned pointers are independent of the obj lifetime.

Returns: GNUTLS_E_SUCCESS (0) on success or a negative error code on error.

Since: 3.6.3