info gnutls

6.7.1 Initialization

To allow all GnuTLS applications to access PKCS #11 tokens, you can use a per-module configuration stored in /etc/pkcs11/modules/. These are the configuration files of p11-kit. For example, a file that loads the OpenSC module could be named /etc/pkcs11/modules/opensc and contain the following:

module: /usr/lib/opensc-pkcs11.so

If you use this file, no other initialization is needed in GnuTLS, except for the PIN and token functions. Those allow retrieving a PIN when accessing a protected object, such as a private key, as well as prompting the user to insert the token. All the initialization functions are below.

Note that, due to limitations of PKCS #11, there are issues when multiple libraries share a module. To avoid this problem, GnuTLS uses p11-kit, which provides middleware to control access to resources across multiple users.

Moreover, PKCS #11 modules must be reinitialized in child processes after a fork. GnuTLS provides gnutls_pkcs11_reinit, to be called for this purpose.
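
Because every GnuTLS application loads the library named in each file under /etc/pkcs11/modules/, it is worth auditing where those files point. The shell function below is an added example, not part of the GnuTLS manual or of p11-kit; the function name and status labels are invented here, and it inspects only the `module:` line and the library's mode bits (relative paths are flagged rather than resolved).

```shell
#!/bin/sh
# Added example: audit p11-kit module configs (format "module: /path/to/lib.so").
# Prints "STATUS<TAB>config<TAB>module-path" per file; returns 1 if any is not OK.
audit_p11_modules() {
    dir=${1:-/etc/pkcs11/modules}   # default location named on this page
    rc=0
    for conf in "$dir"/*; do
        [ -f "$conf" ] || continue
        # First non-comment "module:" line, with key and surrounding blanks removed.
        path=$(sed -n '/^[[:space:]]*module:/{
            s/^[[:space:]]*module:[[:space:]]*//
            s/[[:space:]]*$//
            p
            q
        }' "$conf")
        if [ -z "$path" ]; then
            status=NO_MODULE_LINE
        elif [ "${path#/}" = "$path" ]; then
            status=RELATIVE_PATH      # not resolved here; review by hand
        elif [ ! -f "$path" ]; then
            status=MISSING            # config points at a library that is absent
        elif [ -n "$(find -L "$path" \( -perm -0002 -o -perm -0020 \) 2>/dev/null)" ]; then
            status=WRITABLE           # group- or world-writable library
        else
            status=OK
        fi
        [ "$status" = OK ] || rc=1
        printf '%s\t%s\t%s\n' "$status" "$conf" "$path"
    done
    return "$rc"
}
```

Call `audit_p11_modules` with no argument to check /etc/pkcs11/modules, or pass another directory.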



This document was generated on March 2, 2012 using texi2html 5.0.
