Do smart card drivers generally support more than one PKCS#11 session?

Stef Walter stefw at
Fri Jun 10 03:11:37 PDT 2011

On 06/09/2011 09:37 PM, Stef Walter wrote:
> I'm working on integrating smart card support via PKCS#11 into glib and
> gcr (part of gnome-keyring). We're integrating with GnuTLS for TLS support.
> I'd like to be able to do a C_Login in my code, and then pass off the
> URL to GnuTLS. GnuTLS would then open another session, recognize that
> we're already logged in (this may need a slight tweak in the gnutls
> code) and then proceed without prompting the user.

After sleeping on this idea, I realized it won't work in certain cases. 
In particular when the key has CKA_ALWAYS_AUTHENTICATE and requires 

> The reason for this is that the gnutls callback for prompting the user
> to login is a global one, and hard to use from another library without
> assuming that the caller is the only gnutls consumer.

I'll instead propose a patch to gnutls which associates the login 
callback with the private key.


