From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 13 Feb 2014 08:09:50 +0000 (+0100)
Subject: mark trusted p11-kit modules as trusted.
X-Git-Tag: gnutls_3_3_0pre0~191
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=7146254f88f0a7d0742767e45d4e9ade6070f047;p=thirdparty%2Fgnutls.git

mark trusted p11-kit modules as trusted.
---

diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index 67fc0e6c2b..7f87877ceb 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -51,6 +51,8 @@ extern void *_gnutls_pkcs11_mutex;
 struct gnutls_pkcs11_provider_st {
 	struct ck_function_list *module;
 	unsigned active;
+	unsigned trusted; /* in the sense of p11-kit trusted:
+	                   * it can be used for verification */
 	struct ck_info info;
 };
 
@@ -230,6 +232,10 @@ pkcs11_add_module(const char* name, struct ck_function_list *module)
 	active_providers++;
 	providers[active_providers - 1].module = module;
 	providers[active_providers - 1].active = 1;
+
+	if (p11_kit_module_get_flags(module) & P11_KIT_MODULE_TRUSTED)
+		providers[active_providers - 1].trusted = 1;
+
 	memcpy(&providers[active_providers - 1].info, &info, sizeof(info));
 
 	return 0;