NetworkManager & PKCS#11 remoting

David Woodhouse dwmw2 at
Tue Jun 21 09:43:25 UTC 2016

On Mon, 2016-06-20 at 15:50 +0200, Lubomir Rintel wrote:
> We're able to spawn a remoting agent in the user session and pass the
> open file descriptor to the daemons, but there doesn't seem to be a way
> to make the p11-kit or p11-kit-proxy users use that file handle. I've
> got it working by passing the file descriptor number via an environment
> variable [1] [2]; but perhaps there's a better way?
> [1]
> [2]

Hm, at first glance I was going to suggest that it might be nicer to
avoid the config and environment bits, and just add a new function

I'm not entirely sure how we make that work overall though, if you're
only really using GnuTLS and not otherwise talking directly to
p11-kit. And if you're using through NSS or OpenSSL's
engine_pkcs11 then you're another step removed from p11-kit.

But still I *really* don't like the P11_REMOTE_FD environment variable,
and EVEN having equivalent behaviour with a global variable set by a
'p11_kit_set_remote_fd()' would seem nicer than that.
