[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Problems with automatic pkcs11 reinit on fork
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
Re: Problems with automatic pkcs11 reinit on fork |
|
Date: |
Sat, 29 Oct 2011 14:23:37 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.21) Gecko/20110831 Icedove/3.1.13 |
On 10/10/2011 06:17 PM, Stef Walter wrote:
>> Then I'd have exactly the same problem that you have. Performance issues
>> :) It might be better for this issue to be solved once and for all users
>> of p11-kit.
>
> It's pretty hard to do this correctly at the p11-kit layer. We cannot
> transparently hide the fact that all of a sudden all slots, token info,
> sessions, objects, and other handles have been invalidated. Therefore
> any structures that gnutls is holding must also be cleared on fork.
>
> Forgive me if I'm missing something, but the only way I see to solve
> this part of the problem is for p11-kit to notify gnutls that any and
> all PKCS#11 state is invalid. gnutls would then start from a clean
> pkcs#11 state. I'll work on some patches for gnutls.
Hi any update on that (on the p11-kit part). Would p11-kit provide a
callback when reinitialization occurs, or should gnutls use pthread_atfork?
regards,
Nikos
Re: Problems with automatic pkcs11 reinit on fork, Alon Bar-Lev, 2011/10/10