mark trusted p11-kit modules as trusted.

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Thu, 13 Feb 2014 08:09:50 +0000 (09:09 +0100)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Thu, 13 Feb 2014 08:40:59 +0000 (09:40 +0100)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 13 Feb 2014 08:09:50 +0000 (09:09 +0100)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 13 Feb 2014 08:40:59 +0000 (09:40 +0100)
diff --git a/lib/pkcs11.c b/lib/pkcs11.c

index 67fc0e6c2b10e00f0fe05bdfca5df95cff421e17..7f87877ceb27754a466172f91ad7d020325b460f 100644 (file)
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -51,6 +51,8 @@ extern void *_gnutls_pkcs11_mutex;
  struct gnutls_pkcs11_provider_st {
         struct ck_function_list *module;
         unsigned active;
+       unsigned trusted; /* in the sense of p11-kit trusted:
+                          * it can be used for verification */
         struct ck_info info;
  };
  
@@ -230,6 +232,10 @@ pkcs11_add_module(const char* name, struct ck_function_list *module)
         active_providers++;
         providers[active_providers - 1].module = module;
         providers[active_providers - 1].active = 1;
+
+       if (p11_kit_module_get_flags(module) & P11_KIT_MODULE_TRUSTED)
+               providers[active_providers - 1].trusted = 1;
+
         memcpy(&providers[active_providers - 1].info, &info, sizeof(info));
  
         return 0;
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Thu, 13 Feb 2014 08:09:50 +0000 (09:09 +0100)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Thu, 13 Feb 2014 08:40:59 +0000 (09:40 +0100)