pkcs11: allow loading trusted modules when pkcs11 was initialized in manual mode

When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init() is explicitly called with GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11 trust store was not loaded, and thus prevent any certificate validation. This change allows initializing the trust modules only even if generic PKCS#11 support is disabled by the application. Relates #316 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-10-30 11:29:38 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-11-04 17:19:57 +0100
commit: 7768d5c93c65fd3b288eaf4a5dde80de28872685 (patch)
tree: 500fcbd02c22c561a846808926314416b2f22869 /lib/pkcs11_privkey.c
parent: 8f8276703873b389cf183fbdc5df1aa33714d7a5 (diff)
download: gnutls-7768d5c93c65fd3b288eaf4a5dde80de28872685.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 7150343874..4a9d928a36 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -36,7 +36,7 @@
 /* In case of a fork, it will invalidate the open session
  * in the privkey and start another */
 #define PKCS11_CHECK_INIT_PRIVKEY(k) \
-	ret = _gnutls_pkcs11_check_init(0, k, reopen_privkey_session); \
+	ret = _gnutls_pkcs11_check_init(PROV_INIT_MANUAL, k, reopen_privkey_session); \
 	if (ret < 0) \
 		return gnutls_assert_val(ret)
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-10-30 11:29:38 +0100
committer	Nikos Mavrogiannopoulos <nmav@gnutls.org>	2017-11-04 17:19:57 +0100
commit	7768d5c93c65fd3b288eaf4a5dde80de28872685 (patch)
tree	500fcbd02c22c561a846808926314416b2f22869 /lib/pkcs11_privkey.c
parent	8f8276703873b389cf183fbdc5df1aa33714d7a5 (diff)
download	gnutls-7768d5c93c65fd3b288eaf4a5dde80de28872685.tar.gz