GNOME Bugzilla – Bug 750393
Cannot create GTlsCertificate from PKCS#11
Last modified: 2018-05-24 17:53:10 UTC
We appear to have no g_tls_certificate_new_from_pkcs11() function. We should have one. It should take a PKCS#11 URI according to RFC7512, and automatically use the tokens specified by p11-kit for the currently-running application. No explicit messing with which PKCS#11 modules to load should be necessary.

There might be some merit in g_tls_certificate_new_from_file() actually accepting a PKCS#11 URI as well as a filename — or having *some* function which does so. Then tools which simply have a text field in their configuration that can take a filename *or* a PKCS#11 URI don't need to inspect it to find out which it is and call the appropriate g_tls_certificate_new_from_ function.
(In reply to David Woodhouse from comment #0)
> There might be some merit in g_tls_certificate_new_from_file() actually
> accepting a PKCS#11 URI as well as a filename

Yeah, the odds of someone having a file whose name was also a valid PKCS#11 URI are pretty negligible, so we could probably get away with that.
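The filename-or-URI dispatch discussed in the two comments above, sketched as an added example; this is not GLib code and not part of the bug report. `classify_cert_source()` and the `cert_source` enum are hypothetical names, and the check covers only the RFC 7512 scheme, the `name=value` list shape, attribute-name characters and percent-escapes (not duplicate attributes or the full set of allowed value characters).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

typedef enum { SRC_FILE, SRC_PKCS11, SRC_BAD_PKCS11 } cert_source;
/* RFC 7512 attribute names (standard or vendor) use ALPHA / DIGIT / "-" / "_". */
static int valid_name(const char *s, size_t n) {
    if (n == 0) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)s[i]) && s[i] != '-' && s[i] != '_') return 0;
    return 1;
}

/* Shape check of one attribute list; sep is ';' for the path, '&' for the query. */
static int valid_attrs(const char *s, size_t len, char sep) {
    const char *end = s + len;
    if (len == 0) return 1;                       /* an empty list is allowed */
    for (;;) {
        const char *stop = memchr(s, sep, (size_t)(end - s));
        if (!stop) stop = end;
        const char *eq = memchr(s, '=', (size_t)(stop - s));
        if (!eq || !valid_name(s, (size_t)(eq - s))) return 0;
        for (const char *p = eq + 1; p < stop; p++)   /* '%' must start %XX */
            if (*p == '%' && !(stop - p >= 3 && isxdigit((unsigned char)p[1])
                               && isxdigit((unsigned char)p[2])))
                return 0;
        if (stop == end) return 1;
        s = stop + 1;
    }
}

/* Assumed policy: a malformed pkcs11: string is an error, never a filename. */
cert_source classify_cert_source(const char *s) {
    for (const char *p = "pkcs11:"; *p; p++, s++)     /* scheme: case-insensitive */
        if (tolower((unsigned char)*s) != *p) return SRC_FILE;
    const char *q = strchr(s, '?');
    size_t plen = q ? (size_t)(q - s) : strlen(s);
    if (!valid_attrs(s, plen, ';')) return SRC_BAD_PKCS11;
    if (q && !valid_attrs(q + 1, strlen(q + 1), '&')) return SRC_BAD_PKCS11;
    return SRC_PKCS11;
}

int main(void) {   /* constructed sample inputs, not from the bug report */
    const char *in[] = { "/etc/ssl/client.pem", "./pkcs11:object=x", "pkcs11:object",
                         "pkcs11:token=My%20Token;object=client-cert;type=cert" };
    for (size_t i = 0; i < sizeof in / sizeof *in; i++)
        printf("%d  %s\n", classify_cert_source(in[i]), in[i]);
    return 0;
}
```

A file whose name really does begin with `pkcs11:` stays reachable by writing it as `./pkcs11:...`, which no longer matches the scheme.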
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/glib/issues/1047.