ANNOUNCE: p11-kit 0.19.1

Nikos Mavrogiannopoulos nmav at
Tue May 28 02:34:55 PDT 2013

On Mon, May 27, 2013 at 10:44 AM, Stef Walter <stefw at> wrote:
> This is an unstable development release. It introduces a some new
> refactored API, and unfortunately deprecates some commonly used functions.
> As discussed earlier on the mailing list, this adds a dependency on
> libffi. It is optional, but just barely. It is only optional because
> certain embedded platforms may have difficulty with it. It is not
> recommended that any distro make this a build option or build p11-kit
> without libffi.
> The reason for the API change, is that we need multiple callers of
> p11-kit to keep their own state and PKCS#11 module pointers, rather than
> relying on a global list.

Hello Stef,
 It seems I have missed this discussion (I'm unfortunately too busy
right now and my brain selectively fades things into background). I
don't quite know what libffi do, but is it really required to keep a
context per user?

I really liked that p11-kit was a thin layer over PKCS #11 that offers
quite some goodies in addition (such as url parsing). Such a
dependency makes it no longer thin, and I don't quite understand the
advantage of it. Were there any practical issues with the global
state? The (bad) way PKCS #11 is designed makes global pointers quite
unavoidable, so I think anyone using pkcs11 should be familiar with
that already.


More information about the p11-glue mailing list