From: Nikos Mavrogiannopoulos Date: Thu, 13 Feb 2014 08:39:57 +0000 (+0100) Subject: Added flag GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags(). X-Git-Tag: gnutls_3_3_0pre0~188 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b60c5be786f0caa4799cbaea12c1560f5a1acc48;p=thirdparty%2Fgnutls.git Added flag GNUTLS_PKCS11_TOKEN_TRUSTED for gnutls_pkcs11_token_get_flags(). --- diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h index 636afd4438..ade02502b2 100644 --- a/lib/includes/gnutls/pkcs11.h +++ b/lib/includes/gnutls/pkcs11.h @@ -276,6 +276,7 @@ int gnutls_pkcs11_token_get_info(const char *url, void *output, size_t * output_size); #define GNUTLS_PKCS11_TOKEN_HW 1 +#define GNUTLS_PKCS11_TOKEN_TRUSTED (1<<1) /* p11-kit trusted */ int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags); int gnutls_pkcs11_obj_list_import_url(gnutls_pkcs11_obj_t * p_list, diff --git a/lib/pkcs11.c b/lib/pkcs11.c index 55a05d2139..6fb0a59add 100644 --- a/lib/pkcs11.c +++ b/lib/pkcs11.c @@ -59,6 +59,7 @@ struct gnutls_pkcs11_provider_st { struct find_flags_data_st { struct p11_kit_uri *info; unsigned int slot_flags; + unsigned int trusted; }; struct find_url_data_st { @@ -2868,7 +2869,10 @@ find_flags(struct pkcs11_session_info *sinfo, } /* found token! */ - + if (p11_kit_module_get_flags(sinfo->module) & P11_KIT_MODULE_TRUSTED) + find_data->trusted = 1; + else + find_data->trusted = 0; find_data->slot_flags = info->sinfo.flags; return 0; @@ -2880,7 +2884,8 @@ find_flags(struct pkcs11_session_info *sinfo, * @flags: The output flags (GNUTLS_PKCS11_TOKEN_*) * * This function will return information about the PKCS 11 token flags. - * The flags from the %gnutls_pkcs11_token_info_t enumeration. + * + * The supported flags are: %GNUTLS_PKCS11_TOKEN_HW and %GNUTLS_PKCS11_TOKEN_TRUSTED. * * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error. * @@ -2914,6 +2919,9 @@ int gnutls_pkcs11_token_get_flags(const char *url, unsigned int *flags) if (find_data.slot_flags & CKF_HW_SLOT) *flags |= GNUTLS_PKCS11_TOKEN_HW; + if (find_data.trusted != 0) + *flags |= GNUTLS_PKCS11_TOKEN_TRUSTED; + return 0; }