[glib-networking] Remove the PKCS#11 backend
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [glib-networking] Remove the PKCS#11 backend
- Date: Mon, 12 Nov 2018 02:10:42 +0000 (UTC)
commit 4d6caa033051f55a157d8b7fb9debdc2fa7e561e
Author: Michael Catanzaro <mcatanzaro igalia com>
Date: Sun Nov 11 20:05:56 2018 -0600
Remove the PKCS#11 backend
Nowadays the normal GnuTLS backend has full PKCS#11 support. (At least,
it's certainly supposed to.) The PKCS#11 backend has been disabled in
2.58, which is two months old now, and not a single complaint has
reached me from Ubuntu 18.10 or Fedora 29 or anywhere else. It's always
required a special environment variable to enable anyway, so I consider
all of this code experimental.
If anyone has a reason to keep this code around, please speak up now! We
can consider reverting this if there's a good reason to keep the PKCS#11
backend around that I'm not aware of. But I'm guessing there's not.
Fixes #7
Obsoletes #8
meson.build | 16 +-
meson_options.txt | 1 -
po/POTFILES.in | 2 -
tls/gnutls/gnutls-module.c | 4 -
tls/gnutls/gtlsbackend-gnutls-pkcs11.c | 74 --
tls/gnutls/gtlsbackend-gnutls-pkcs11.h | 45 -
tls/gnutls/gtlscertificate-gnutls-pkcs11.c | 226 ----
tls/gnutls/gtlscertificate-gnutls-pkcs11.h | 55 -
tls/gnutls/gtlsconnection-gnutls.c | 76 --
tls/gnutls/gtlsdatabase-gnutls-pkcs11.c | 1145 --------------------
tls/gnutls/gtlsdatabase-gnutls-pkcs11.h | 44 -
tls/gnutls/meson.build | 12 -
tls/pkcs11/gpkcs11array.c | 282 -----
tls/pkcs11/gpkcs11array.h | 107 --
tls/pkcs11/gpkcs11pin.c | 159 ---
tls/pkcs11/gpkcs11pin.h | 46 -
tls/pkcs11/gpkcs11slot.c | 618 -----------
tls/pkcs11/gpkcs11slot.h | 73 --
tls/pkcs11/gpkcs11util.c | 63 --
tls/pkcs11/gpkcs11util.h | 51 -
tls/pkcs11/meson.build | 28 -
tls/pkcs11/pkcs11-trust-assertions.h | 59 --
tls/tests/meson.build | 14 -
tls/tests/mock-pkcs11.c | 1547 ----------------------------
tls/tests/mock-pkcs11.h | 396 -------
tls/tests/pkcs11-array.c | 288 ------
tls/tests/pkcs11-pin.c | 152 ---
tls/tests/pkcs11-slot.c | 526 ----------
tls/tests/pkcs11-util.c | 63 --
29 files changed, 2 insertions(+), 6170 deletions(-)
---
diff --git a/meson.build b/meson.build
index 70180b3..73bf5cb 100644
--- a/meson.build
+++ b/meson.build
@@ -75,14 +75,6 @@ gnutls_dep = dependency('gnutls', version: '>= 3.4.6', required: get_option('gnu
if gnutls_dep.found()
backends += ['gnutls']
-
- # *** Checks for p11-kit ***
- pkcs11_dep = dependency('p11-kit-1', version: '>= 0.20', required: get_option('pkcs11'))
-
- if pkcs11_dep.found()
- config_h.set('HAVE_PKCS11', 1,
- description: 'Building with PKCS#11 support')
- endif
endif
if backends.length() == 0
@@ -129,10 +121,6 @@ if libproxy_dep.found() or gsettings_desktop_schemas_dep.found()
subdir('proxy/tests')
endif
-if pkcs11_dep.found()
- subdir('tls/pkcs11')
-endif
-
if gnutls_dep.found()
subdir('tls/gnutls')
endif
@@ -145,8 +133,8 @@ if gio_querymodules.found()
meson.add_install_script('meson_post_install.py', gio_querymodules.path(), gio_module_dir)
endif
-output = '\n\n gnutls support: ' + libproxy_dep.found().to_string() + '\n'
+output = '\n\n'
+output += ' GnuTLS support: ' + libproxy_dep.found().to_string() + '\n'
output += ' libproxy support: ' + libproxy_dep.found().to_string() + '\n'
output += ' GNOME proxy support: ' + gsettings_desktop_schemas_dep.found().to_string() + '\n'
-output += ' PKCS#11 support: ' + pkcs11_dep.found().to_string() + '\n'
message(output)
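Review bot: The added `GnuTLS support:` summary line still prints `libproxy_dep.found()`, so the configure summary shows libproxy's status under the GnuTLS label; the mistake is carried over from the removed line rather than fixed while it was being rewritten. It should use the dependency declared in the first hunk of this file: `output += ' GnuTLS support: ' + gnutls_dep.found().to_string() + '\n'`. As written, a build configured without the GnuTLS TLS backend but with libproxy reports "GnuTLS support: true" (and the reverse), which can mislead packagers checking whether the TLS module was actually built.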
diff --git a/meson_options.txt b/meson_options.txt
index 9ae11ed..d5a8279 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,6 +1,5 @@
option('gnutls', type: 'feature', value: 'auto', description: 'support for GnuTLS networking configration')
option('libproxy', type: 'feature', value: 'auto', description: 'support for libproxy proxy configration')
option('gnome_proxy', type: 'feature', value: 'auto', description: 'support for GNOME desktop proxy
configuration')
-option('pkcs11', type: 'feature', value: 'disabled', description: 'support for PKCS#11 using p11-kit')
option('installed_tests', type: 'boolean', value: false, description: 'enable installed tests')
option('static_modules', type: 'boolean', value: false, description: 'build static modules')
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 3e3b61c..fc06c5b 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -6,5 +6,3 @@ tls/gnutls/gtlsdatabase-gnutls.c
tls/gnutls/gtlsinputstream-gnutls.c
tls/gnutls/gtlsoutputstream-gnutls.c
tls/gnutls/gtlsserverconnection-gnutls.c
-tls/pkcs11/gpkcs11pin.c
-tls/pkcs11/gpkcs11slot.c
diff --git a/tls/gnutls/gnutls-module.c b/tls/gnutls/gnutls-module.c
index 3ebf0d4..8983bd7 100644
--- a/tls/gnutls/gnutls-module.c
+++ b/tls/gnutls/gnutls-module.c
@@ -28,7 +28,6 @@
#include <glib/gi18n-lib.h>
#include "gtlsbackend-gnutls.h"
-#include "gtlsbackend-gnutls-pkcs11.h"
void
@@ -40,9 +39,6 @@ g_io_gnutls_load (GIOModule *module)
#endif
g_tls_backend_gnutls_register (module);
-#ifdef HAVE_PKCS11
- g_tls_backend_gnutls_pkcs11_register (module);
-#endif
#ifdef G_OS_WIN32
base_dir = g_win32_get_package_installation_directory_of_module (NULL);
diff --git a/tls/gnutls/gtlsconnection-gnutls.c b/tls/gnutls/gtlsconnection-gnutls.c
index c4ba01c..3e1b5a3 100644
--- a/tls/gnutls/gtlsconnection-gnutls.c
+++ b/tls/gnutls/gtlsconnection-gnutls.c
@@ -40,11 +40,6 @@
#include "gtlsoutputstream-gnutls.h"
#include "gtlsserverconnection-gnutls.h"
-#ifdef HAVE_PKCS11
-#include <p11-kit/pin.h>
-#include "pkcs11/gpkcs11pin.h"
-#endif
-
#ifdef G_OS_WIN32
#include <winsock2.h>
#include <winerror.h>
@@ -108,14 +103,6 @@ static gboolean g_tls_connection_gnutls_initable_init (GInitable *in
static void g_tls_connection_gnutls_dtls_connection_iface_init (GDtlsConnectionInterface *iface);
static void g_tls_connection_gnutls_datagram_based_iface_init (GDatagramBasedInterface *iface);
-#ifdef HAVE_PKCS11
-static P11KitPin* on_pin_prompt_callback (const char *pinfile,
- P11KitUri *pin_uri,
- const char *pin_description,
- P11KitPinFlags pin_flags,
- void *callback_data);
-#endif
-
static void g_tls_connection_gnutls_init_priorities (void);
static int verify_certificate_cb (gnutls_session_t session);
@@ -273,11 +260,6 @@ g_tls_connection_gnutls_init (GTlsConnectionGnutls *gnutls)
unique_id = g_atomic_int_add (&unique_interaction_id, 1);
priv->interaction_id = g_strdup_printf ("gtls:%d", unique_id);
-#ifdef HAVE_PKCS11
- p11_kit_pin_register_callback (priv->interaction_id,
- on_pin_prompt_callback, gnutls, NULL);
-#endif
-
priv->waiting_for_op = g_cancellable_new ();
g_cancellable_cancel (priv->waiting_for_op);
g_mutex_init (&priv->op_mutex);
@@ -471,10 +453,6 @@ g_tls_connection_gnutls_finalize (GObject *object)
g_clear_pointer (&priv->app_data_buf, g_byte_array_unref);
-#ifdef HAVE_PKCS11
- p11_kit_pin_unregister_callback (priv->interaction_id,
- on_pin_prompt_callback, gnutls);
-#endif
g_free (priv->interaction_id);
g_clear_object (&priv->interaction);
@@ -3029,60 +3007,6 @@ g_tls_connection_gnutls_dtls_shutdown_finish (GDtlsConnection *conn,
return g_task_propagate_boolean (G_TASK (result), error);
}
-#ifdef HAVE_PKCS11
-
-static P11KitPin*
-on_pin_prompt_callback (const char *pinfile,
- P11KitUri *pin_uri,
- const char *pin_description,
- P11KitPinFlags pin_flags,
- void *callback_data)
-{
- GTlsConnectionGnutls *gnutls = G_TLS_CONNECTION_GNUTLS (callback_data);
- GTlsConnectionGnutlsPrivate *priv = g_tls_connection_gnutls_get_instance_private (gnutls);
- GTlsInteractionResult result;
- GTlsPasswordFlags flags = 0;
- GTlsPassword *password;
- P11KitPin *pin = NULL;
- GError *error = NULL;
-
- if (!priv->interaction)
- return NULL;
-
- if (pin_flags & P11_KIT_PIN_FLAGS_RETRY)
- flags |= G_TLS_PASSWORD_RETRY;
- if (pin_flags & P11_KIT_PIN_FLAGS_MANY_TRIES)
- flags |= G_TLS_PASSWORD_MANY_TRIES;
- if (pin_flags & P11_KIT_PIN_FLAGS_FINAL_TRY)
- flags |= G_TLS_PASSWORD_FINAL_TRY;
-
- password = g_pkcs11_pin_new (flags, pin_description);
-
- result = g_tls_interaction_ask_password (priv->interaction, password,
- g_cancellable_get_current (), &error);
-
- switch (result)
- {
- case G_TLS_INTERACTION_FAILED:
- if (!g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED))
- g_warning ("couldn't ask for password: %s", error->message);
- pin = NULL;
- break;
- case G_TLS_INTERACTION_UNHANDLED:
- default:
- pin = NULL;
- break;
- case G_TLS_INTERACTION_HANDLED:
- pin = g_pkcs11_pin_steal_internal (G_PKCS11_PIN (password));
- break;
- }
-
- g_object_unref (password);
- return pin;
-}
-
-#endif /* HAVE_PKCS11 */
-
static void
g_tls_connection_gnutls_class_init (GTlsConnectionGnutlsClass *klass)
{
diff --git a/tls/gnutls/meson.build b/tls/gnutls/meson.build
index 55280c9..168e353 100644
--- a/tls/gnutls/meson.build
+++ b/tls/gnutls/meson.build
@@ -21,18 +21,6 @@ deps = [
gnutls_dep
]
-if pkcs11_dep.found()
- sources += files(
- 'gtlsbackend-gnutls-pkcs11.c',
- 'gtlscertificate-gnutls-pkcs11.c',
- 'gtlsdatabase-gnutls-pkcs11.c'
- )
-
- incs += tls_inc
-
- deps += libgiopkcs11_dep
-endif
-
module = shared_module(
'giognutls',
sources: sources,
diff --git a/tls/tests/meson.build b/tls/tests/meson.build
index 3bdba0e..f8afde6 100644
--- a/tls/tests/meson.build
+++ b/tls/tests/meson.build
@@ -28,20 +28,6 @@ test_programs = [
['dtls-connection', ['mock-interaction.c'], deps],
]
-if pkcs11_dep.found()
- pkcs11_deps = deps + [
- libgiopkcs11_dep,
- pkcs11_dep
- ]
-
- test_programs += [
- ['pkcs11-util', [], pkcs11_deps],
- ['pkcs11-array', [], pkcs11_deps],
- ['pkcs11-pin', [], pkcs11_deps],
- ['pkcs11-slot', ['mock-interaction.c', 'mock-pkcs11.c'], pkcs11_deps]
- ]
-endif
-
foreach backend: backends
foreach program: test_programs
program_name = program[0] + '-' + backend