Skip to content

Cannot create GTlsCertificate from PKCS#11

Submitted by David Woodhouse

Link to original bug (#750393)

Description

We appear to have no g_tls_certificate_new_from_pkcs11() function. We should have one.

It should take a PKCS#11 URI according to RFC7512, and automatically use the tokens specified by p11-kit for the currently-running application. No explicit messing with which PKCS#11 modules to load should be necessary.

There might be some merit in g_tls_certificate_new_from_file() actually accepting a PKCS#11 URI as well as a filename — or having some function which does so. Then tools which simply have a text field in their configuration that can take a filename or a PKCS#11 URI don't need to inspect it to find out which it is and call the appropriate g_tls_certificate_new_from_ function.

Version: 2.45.x