[glib-networking] Stop using deprecated p11-kit functions

From: Michael Catanzaro <mcatanzaro src gnome org>
To: commits-list gnome org
Cc:
Subject: [glib-networking] Stop using deprecated p11-kit functions
Date: Sun, 22 Oct 2017 01:26:18 +0000 (UTC)
commit 5d0dcfd2bd85773e090008a7b1e1f28b9dbe9840
Author: Michael Catanzaro <mcatanzaro igalia com>
Date:   Sat Oct 21 20:03:30 2017 -0500

    Stop using deprecated p11-kit functions
    
    PKCS#11 modules are now opened in managed mode.
    
    This also increases the required p11-kit version to 0.20, which was
    released in 2013.

 meson.build                             |    2 +-
 tls/gnutls/gtlsdatabase-gnutls-pkcs11.c |   27 ++++++++++++---------------
 tls/tests/pkcs11-slot.c                 |    4 ++--
 3 files changed, 15 insertions(+), 18 deletions(-)
---
diff --git a/meson.build b/meson.build
index a90065d..0d6e4d3 100644
--- a/meson.build
+++ b/meson.build
@@ -76,7 +76,7 @@ if enable_tls_support
   # *** Checks for p11-kit  ***
   enable_pkcs11_support = get_option('pkcs11_support')
   if enable_pkcs11_support
-    pkcs11_dep = dependency('p11-kit-1', version: '>= 0.8', required: true)
+    pkcs11_dep = dependency('p11-kit-1', version: '>= 0.20', required: true)
 
     config_h.set('HAVE_PKCS11', enable_pkcs11_support,
                  description: 'Building with PKCS#11 support')
diff --git a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c
index 6c4127a..1b137e9 100644
--- a/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c
+++ b/tls/gnutls/gtlsdatabase-gnutls-pkcs11.c
@@ -57,9 +57,9 @@ G_DEFINE_TYPE_WITH_CODE (GTlsDatabaseGnutlsPkcs11, g_tls_database_gnutls_pkcs11,
 struct _GTlsDatabaseGnutlsPkcs11Private
 {
   /* no changes after construction */
+  CK_FUNCTION_LIST **modules;
   GList *pkcs11_slots;
   GList *trust_uris;
-  gboolean initialized_registered;
 };
 
 static gboolean
@@ -120,7 +120,7 @@ discover_module_slots_and_options (GTlsDatabaseGnutlsPkcs11   *self,
    * which slots we can use for looking up trust assertionts.
    */
 
-  string = p11_kit_registered_option (module, "x-trust-lookup");
+  string = p11_kit_config_option (module, "x-trust-lookup");
   if (string != NULL)
     {
       uri = p11_kit_uri_new ();
@@ -240,8 +240,8 @@ g_tls_database_gnutls_pkcs11_finalize (GObject *object)
     p11_kit_uri_free (l->data);
   g_list_free (self->priv->trust_uris);
 
-  if (self->priv->initialized_registered)
-    p11_kit_finalize_registered ();
+  if (self->priv->modules)
+    p11_kit_modules_release (self->priv->modules);
 
   G_OBJECT_CLASS (g_tls_database_gnutls_pkcs11_parent_class)->finalize (object);
 }
@@ -1089,23 +1089,20 @@ g_tls_database_gnutls_pkcs11_initable_init (GInitable     *initable,
                                             GError       **error)
 {
   GTlsDatabaseGnutlsPkcs11 *self = G_TLS_DATABASE_GNUTLS_PKCS11 (initable);
-  CK_FUNCTION_LIST_PTR_PTR modules;
   GError *err = NULL;
   gboolean any_success = FALSE;
   gboolean any_failure = FALSE;
-  CK_RV rv;
   guint i;
 
-  g_return_val_if_fail (!self->priv->initialized_registered, FALSE);
-
-  rv = p11_kit_initialize_registered ();
-  if (g_pkcs11_propagate_error (error, rv))
-      return FALSE;
+  g_return_val_if_fail (!self->priv->modules, FALSE);
 
-  self->priv->initialized_registered = TRUE;
+  self->priv->modules = p11_kit_modules_load (NULL, 0);
+  if (self->priv->modules == NULL) {
+    g_set_error_literal (error, G_PKCS11_ERROR, CKR_FUNCTION_FAILED, p11_kit_message ());
+    return FALSE;
+  }
 
-  modules = p11_kit_registered_modules ();
-  for (i = 0; modules[i] != NULL; i++)
+  for (i = 0; self->priv->modules[i] != NULL; i++)
     {
       if (g_cancellable_set_error_if_cancelled (cancellable, error))
         {
@@ -1114,7 +1111,7 @@ g_tls_database_gnutls_pkcs11_initable_init (GInitable     *initable,
           break;
         }
 
-      if (discover_module_slots_and_options (self, modules[i], &err))
+      if (discover_module_slots_and_options (self, self->priv->modules[i], &err))
         {
           /* A module was setup correctly */
           any_success = TRUE;
diff --git a/tls/tests/pkcs11-slot.c b/tls/tests/pkcs11-slot.c
index bae2b25..4fb166f 100644
--- a/tls/tests/pkcs11-slot.c
+++ b/tls/tests/pkcs11-slot.c
@@ -52,7 +52,7 @@ setup_slot (TestSlot        *test,
   /* Copy this so we can replace certain functions in our tests */
   memcpy (&test->funcs, &mock_default_functions, sizeof (test->funcs));
 
-  rv = p11_kit_initialize_module (&test->funcs);
+  rv = p11_kit_module_initialize (&test->funcs);
   g_assert (rv == CKR_OK);
 
   test->slot = g_object_new (G_TYPE_PKCS11_SLOT,
@@ -80,7 +80,7 @@ teardown_slot (TestSlot     *test,
   g_assert_cmpint (G_OBJECT (test->not_present)->ref_count, ==, 1);
   g_object_unref (test->not_present);
 
-  rv = p11_kit_finalize_module (&test->funcs);
+  rv = p11_kit_module_finalize (&test->funcs);
   g_assert (rv == CKR_OK);
 }
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]