be less verbose on non-errors
Stef Walter
stefw at redhat.com
Fri Jul 4 05:54:21 PDT 2014
On 30.06.2014 14:36, Nikos Mavrogiannopoulos wrote:
> On Mon, 2014-06-30 at 13:52 +0200, Stef Walter wrote:
>> On 27.06.2014 17:26, Nikos Mavrogiannopoulos wrote:
>>> This patch makes p11-kit a bit less verbose.
>>
>> - if (rv != CKR_OK) {
>> + if (rv != CKR_OK && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED) {
>> Thanks for the patch, but wouldn't this cause problems when
>> p11_kit_modules_finalize() (or another C_Finalize invocation) is called,
>> and the module would be finalized too many times?
>> Where did you see this happen? Was the module loaded with the
>> P11_KIT_UNMANAGED flag? The goal is that when modules are managed by
>> p11-kit they never return that error code.
>
> I'm seeing this error code when I reinitialize after a fork and use
> soft-tokens like softhsm under p11-kit. Run for example the attached
> test (has to be compiled as a p11-kit test) and you'll see:
> p11-kit: (unknown): module failed to initialize: The module has already
> been initialized
Thanks for catching this bug. I've pushed a commit to git master for it:
http://cgit.freedesktop.org/p11-glue/p11-kit/commit/?id=25e8999fd11d0b2c156f3bdd8597142dedd042cb
> Also printing in stderr when not being instructed to is quite dangerous
> for a library. In that particular case that error was going out to
> apache log. Maybe all errors should be silenced unless the P11_KIT env
> variable is set or so.
Many libraries do this, even glibc. From what I remember, this has
already been discussed on this mailing list.
PKCS#11, TLS (and friends) are all incredibly complex. You want to have
some way to know when they fail, and not have silent errors hidden
behind a barrier that only those intimate with the project know how to
get through.
If we are printing warnings/messages in cases that are routine, and
should not be warnings, then lets fix those specific cases.
You can trivially turn it off with this function call if you feel the
default is inappropriate in your environment:
http://p11-glue.freedesktop.org/doc/p11-kit/p11-kit-Future.html#p11-kit-be-quiet
I've pushed a commit so that the above function is marked as stable:
http://cgit.freedesktop.org/p11-glue/p11-kit/commit/?id=d8c064dff11af8537d1c228927c9da82cb6b60e4
Cheers,
Stef
More information about the p11-glue
mailing list