Instead of sanitizing URLs, use hints to support incomplete PKCS#11 URIs

1 files changed, 7 insertions, 1 deletions

diff --git a/lib/pkcs11_int.h b/lib/pkcs11_int.h
index 7d2ed676a1..7cec42bd8a 100644
--- a/lib/pkcs11_int.h
+++ b/lib/pkcs11_int.h
@@ -82,7 +82,7 @@ typedef int (*find_func_t) (struct pkcs11_session_info *,
 			    void *input);
 
 int pkcs11_rv_to_err(ck_rv_t rv);
-int pkcs11_url_to_info(const char *url, struct p11_kit_uri **info);
+int pkcs11_url_to_info(const char *url, struct p11_kit_uri **info, unsigned flags);
 int
 pkcs11_find_slot(struct ck_function_list **module, ck_slot_id_t * slot,
 		 struct p11_kit_uri *info, struct ck_token_info *_tinfo,
@@ -128,6 +128,12 @@ int _pkcs11_traverse_tokens(find_func_t find_func, void *input,
 			    unsigned int flags);
 ck_object_class_t pkcs11_strtype_to_class(const char *type);
 
+/* Additional internal flags for gnutls_pkcs11_obj_flags */
+/* @GNUTLS_PKCS11_OBJ_FLAG_EXPECT_CERT: When importing an object, provide a hint on the type, to allow incomplete URLs
+ * @GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PRIVKEY: Hint for private key */
+#define GNUTLS_PKCS11_OBJ_FLAG_EXPECT_CERT (1<<29)
+#define GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PRIVKEY (1<<30)
+
 int pkcs11_token_matches_info(struct p11_kit_uri *info,
 			      struct ck_token_info *tinfo,
 			      struct ck_info *lib_info);