author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-10-30 11:29:38 +0100
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-11-03 16:10:56 +0000
commit: 00ae9ab6d51929b17c43e1424b434a951a59bd58
tree: 3abbff5d6a448a24ae46cdfd3571e2114b4baa5d /lib/pkcs11_privkey.c
parent: e85d0a63b6ffd4421a89bba86d58ec8cf9635aac
pkcs11: allow loading trusted modules when pkcs11 was initialized in manual mode

When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init() is explicitly called with the GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11 trust store was not loaded, thus preventing any certificate validation. This change allows initializing the trust modules only even if generic PKCS#11 support is disabled by the application.

Relates #316

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Diffstat (limited to 'lib/pkcs11_privkey.c')
-rw-r--r-- lib/pkcs11_privkey.c 2
1 files changed, 1 insertions, 1 deletions

diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c
index 1665cf33f3..afe831ee9b 100644
--- a/lib/pkcs11_privkey.c
+++ b/lib/pkcs11_privkey.c
@@ -36,7 +36,7 @@
/* In case of a fork, it will invalidate the open session
* in the privkey and start another */
#define PKCS11_CHECK_INIT_PRIVKEY(k) \
- ret = _gnutls_pkcs11_check_init(0, k, reopen_privkey_session); \
+ ret = _gnutls_pkcs11_check_init(PROV_INIT_MANUAL, k, reopen_privkey_session); \
if (ret < 0) \
return gnutls_assert_val(ret)
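
Review bot: The comment above PKCS11_CHECK_INIT_PRIVKEY still documents only the fork case, and nothing in this hunk says why private-key operations now pass PROV_INIT_MANUAL where they used to pass a bare 0. The commit message talks about letting trust modules load when the application chose manual initialization, so a reader of this file cannot tell whether the private-key path is meant to accept the trusted-only state or to require that full provider initialization has happened. Please extend the macro comment with one sentence stating what init level PROV_INIT_MANUAL requests and what error the caller gets when the application never loaded its modules. Separately, since the line is being touched anyway: the macro expands to an assignment followed by an `if (ret < 0) return ...` without a do { } while (0) wrapper, so using it as the body of an unbraced if or else would silently change control flow; wrapping it would make the early return safer to use.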