Provide API for working with PKCS11 backed certificates
Some basic background: PKCS11 is an abstract API for working with crypto for the purposes of this issue I am interested in one use-case: Certificates on smartcards
So currently there are 2 ways to create a GTlsCertificate
: from a file (or bytes) or opaquely provided by a GTlsBackend
.
Since smartcards are hardware backed and do not provide any files that isn't very helpful so I simply want an API like GTlsCertificate * g_tls_certificate_new_for_pkcs11_uri (const char *uri);
A PKCS11 URI is just a unique identifier to a PKCS11 object (it is guaranteed to not change).
We would also need to provide a pkcs11-uri
property.