pkcs11x.h missing

Stef Walter stefw at redhat.com
Wed Jan 8 05:57:14 PST 2014


On 02.01.2014 14:02, Nikos Mavrogiannopoulos wrote:
> Hello,
>  I am trying to use blacklists from the p11-kit trust module, and
> according to documentation in [0], CKA_X_DISTRUSTED must be specified
> when looking for a blacklisted certificate. However, this definition is
> only available in pkcs11x.h which is not installed. Even more, I think
> it would be more convenient if that file was included by default by
> pkcs11.h so one could simply check for that functionality with an
> #ifdef CKA_X_DISTRUSTED.

Indeed. Makes sense, although maybe I'd #include it into pkcs11.h, and
require a #define PKCS11_ENABLE_EXTENSIONS to activate it, or something
like that.

One thing that's blocking all of this right now is that PKCS#11 2.40 has
a new attribute CKA_PUBLIC_KEY_INFO, and I'd like to use that instead of
defining a vendor attribute (as is done in pkcs11x.h). However
CKA_PUBLIC_KEY_INFO doesn't have a value yet. Have asked about this on
the mailing list [1]. There are various constants missing, so these
should be solved soon.

Cheers,

Stef

[1]
https://www.oasis-open.org/apps/org/workgroup/pkcs11/email/archives/201401/msg00003.html


More information about the p11-glue mailing list