author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-10-30 11:29:38 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-11-04 17:19:57 +0100 |
commit | 7768d5c93c65fd3b288eaf4a5dde80de28872685 (patch) | |
tree | 500fcbd02c22c561a846808926314416b2f22869 /lib/pkcs11_privkey.c | |
parent | 8f8276703873b389cf183fbdc5df1aa33714d7a5 (diff) | |
download | gnutls-7768d5c93c65fd3b288eaf4a5dde80de28872685.tar.gz |
pkcs11: allow loading trusted modules when pkcs11 was initialized in manual mode
When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init()
is explicitly called with GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11
trust store was not loaded, thus preventing any certificate validation.
This change allows initializing the trust modules only even if generic
PKCS#11 support is disabled by the application.
Relates #316
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/pkcs11_privkey.c')
-rw-r--r-- | lib/pkcs11_privkey.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index 7150343874..4a9d928a36 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -36,7 +36,7 @@ /* In case of a fork, it will invalidate the open session * in the privkey and start another */ #define PKCS11_CHECK_INIT_PRIVKEY(k) \ - ret = _gnutls_pkcs11_check_init(0, k, reopen_privkey_session); \ + ret = _gnutls_pkcs11_check_init(PROV_INIT_MANUAL, k, reopen_privkey_session); \ if (ret < 0) \ return gnutls_assert_val(ret) |
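Review bot: The comment above PKCS11_CHECK_INIT_PRIVKEY still describes only the fork and session-reopen behaviour and says nothing about the first argument, which now reads PROV_INIT_MANUAL instead of 0. The commit message is about loading trust modules, while this macro guards the private-key path, so a reader of this file alone cannot tell why private-key operations request this initialization level. Please add a line to that comment stating what PROV_INIT_MANUAL means here and what the caller gets back in `ret` when the application initialized PKCS#11 in manual mode and no provider has been loaded. It is also worth confirming that every other caller of _gnutls_pkcs11_check_init that previously passed a bare 0 was updated in the same commit, since this diff view is limited to lib/pkcs11_privkey.c and a leftover literal would silently select whatever value 0 now maps to.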