NetworkManager & PKCS#11 remoting
dwmw2 at infradead.org
Tue Jun 21 09:43:25 UTC 2016
On Mon, 2016-06-20 at 15:50 +0200, Lubomir Rintel wrote:
> We're able to spawn a remoting agent in the user session and pass the
> open file descriptor to the daemons, but there doesn't seem to be a way
> to make the p11-kit or p11-kit-proxy users use that file handle. I've
> got it working by passing the file descriptor number via an environment
> variable; but perhaps there's a better way?
>  https://github.com/NetworkManager/p11-kit/commit/e92db917.patch
>  https://github.com/NetworkManager/p11-kit/commit/fcb5a24.patch
Hm, at first glance I was going to suggest that it might be nicer to
avoid the config and environment bits, and just add a new function
I'm not entirely sure how we make that work overall though, if you're
only really using GnuTLS and not otherwise talking directly to
p11-kit. And if you're using p11-kit-proxy.so through NSS or OpenSSL's
engine_pkcs11 then you're another step removed from p11-kit.
But still I *really* don't like the P11_REMOTE_FD environment variable,
and EVEN having equivalent behaviour with a global variable set by a
'p11_kit_set_remote_fd()' would seem nicer than that.