PKCS#11 URI and system configuration fixes #9
These patches make engine_pkcs11 accept key/cert specifications in the form of a PKCS#11 URI as described at https://tools.ietf.org/html/draft-pechanec-pkcs11uri-16
There is also a patch to make it automatically load p11-kit-proxy.so as its PKCS#11 provider instead of just failing if none is specified. This has the effect of making it Just Work™ with the system configuration for which modules should be present.
These are both important standardisation efforts to make PKCS#11 more usable on the desktop. We really need provider modules to be able to automatically install themselves with the system, and a consistent way of specifying objects within PKCS#11 tokens. Which is what we get from p11-kit, and the PKCS#11 URI, respectively.
Note that the first patch doesn't add a dependency on p11-kit libraries; it only uses pkg-config to determine the location of the p11-kit-proxy.so provider module — which loads all the providers which are registered in the system configuration, into slots of itself.
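As an added illustration (not code from this pull request or from engine_pkcs11), here is a minimal C lookup of one path attribute in a PKCS#11 URI, following the syntax of RFC 7512, the published form of the draft linked above. The function name p11uri_get and the sample URI are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c |= 0x20;                              /* fold letters to lower case */
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Hypothetical helper: find path attribute `name` in a "pkcs11:" URI and
 * percent-decode its value into out as raw bytes (id= is binary).
 * Returns decoded length, -1 if absent, -2 if malformed or too long. */
int p11uri_get(const char *uri, const char *name, unsigned char *out, size_t cap) {
    size_t nlen = strlen(name), n = 0;
    if (strncmp(uri, "pkcs11:", 7) != 0) return -2;
    const char *p = uri + 7;
    const char *end = p + strcspn(p, "?");  /* query part is not searched */
    while (p < end) {
        const char *semi = memchr(p, ';', (size_t)(end - p));
        const char *stop = semi ? semi : end;
        if ((size_t)(stop - p) > nlen && !strncmp(p, name, nlen) && p[nlen] == '=') {
            for (p += nlen + 1; p < stop; p++) {
                int c = (unsigned char)*p;
                if (c == '%') {             /* needs two hex digits before stop */
                    int hi = (stop - p > 2) ? hexval((unsigned char)p[1]) : -1;
                    int lo = (stop - p > 2) ? hexval((unsigned char)p[2]) : -1;
                    if (hi < 0 || lo < 0) return -2;
                    c = hi * 16 + lo;
                    p += 2;
                }
                if (n >= cap) return -2;    /* never write past the buffer */
                out[n++] = (unsigned char)c;
            }
            return (int)n;
        }
        p = stop + (semi ? 1 : 0);          /* next ';'-separated attribute */
    }
    return -1;
}

int main(void) {
    /* Constructed sample URI, not taken from the pull request. */
    const char *uri = "pkcs11:token=My%20Token;id=%01%AB?pin-source=file:/etc/token_pin";
    unsigned char buf[64];
    int n = p11uri_get(uri, "token", buf, sizeof buf);
    if (n >= 0) printf("token=%.*s\n", n, (const char *)buf);
    return 0;
}
```

The decoded value is returned with an explicit length rather than as a C string because an id attribute can contain zero bytes.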