NetworkManager & PKCS#11 remoting

David Woodhouse dwmw2 at
Tue Jun 21 16:00:02 UTC 2016

On Tue, 2016-06-21 at 15:01 +0200, Nikos Mavrogiannopoulos wrote:
> This may not be workable. p11-kit does only the parsing of the URL but
> does not pass info to the underlying module or so. Thus even if it
> could see v-remote-fd=5, I don't think it could do anything useful with
> it (except of course setting an environment variable).

Or calling a p11_kit_remote_module_from_fd() function.

> For module-path, the story is the same, but in that case applications
> and libs that use it (such as gnutls) most likely will support it
> directly once p11-kit can parse it. 

It could be largely parallel, surely? If we can teach GnuTLS to see the
module-path attribute and call p11_kit_module_load() and use the
resulting module, then we can also teach it to do the same for a
remote-fd. The only real difference is that it's calling a different
p11-kit function.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5760 bytes
Desc: not available
URL: <>

More information about the p11-glue mailing list