pkcs11x.h missing

Stef Walter stefw at
Wed Jan 8 05:57:14 PST 2014

On 02.01.2014 14:02, Nikos Mavrogiannopoulos wrote:
> Hello,
>  I am trying to use blacklists from the p11-kit trust module, and
> according to documentation in [0], CKA_X_DISTRUSTED must be specified
> when looking for a blacklisted certificate. However, this definition is
> only available in pkcs11x.h which is not installed. Even more, I think
> it would be more convenient if that file was included by default by
> pkcs11.h so one could simply check for that functionality with an

Indeed. Makes sense, although maybe I'd #include it into pkcs11.h, and
require a #define PKCS11_ENABLE_EXTENSIONS to activate it, or something
like that.

One thing that's blocking all of this right now is that PKCS#11 2.40 has
a new attribute CKA_PUBLIC_KEY_INFO, and I'd like to use that instead of
defining a vendor attribute (as is done in pkcs11x.h). However
CKA_PUBLIC_KEY_INFO doesn't have a value yet. Have asked about this on
the mailing list [1]. There are various constants missing, so these
should be solved soon.




More information about the p11-glue mailing list