diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-10-30 11:29:38 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-11-03 16:10:56 +0000 |
commit | 00ae9ab6d51929b17c43e1424b434a951a59bd58 (patch) | |
tree | 3abbff5d6a448a24ae46cdfd3571e2114b4baa5d /lib/pkcs11_privkey.c | |
parent | e85d0a63b6ffd4421a89bba86d58ec8cf9635aac (diff) | |
download | gnutls-00ae9ab6d51929b17c43e1424b434a951a59bd58.tar.gz |
pkcs11: allow loading trusted modules when pkcs11 was initialized in manual mode
When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init()
is explicitly called with GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11
trust store was not loaded, and thus prevent any certificate validation.
This change allows initializing the trust modules only even if generic
PKCS#11 support is disabled by the application.
Relates #316
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib/pkcs11_privkey.c')
-rw-r--r-- | lib/pkcs11_privkey.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/pkcs11_privkey.c b/lib/pkcs11_privkey.c index 1665cf33f3..afe831ee9b 100644 --- a/lib/pkcs11_privkey.c +++ b/lib/pkcs11_privkey.c @@ -36,7 +36,7 @@ /* In case of a fork, it will invalidate the open session * in the privkey and start another */ #define PKCS11_CHECK_INIT_PRIVKEY(k) \ - ret = _gnutls_pkcs11_check_init(0, k, reopen_privkey_session); \ + ret = _gnutls_pkcs11_check_init(PROV_INIT_MANUAL, k, reopen_privkey_session); \ if (ret < 0) \ return gnutls_assert_val(ret) |