[xmlsec] xmlsec-nss patches from Sun( 2003-07-22 )

[Andrew Fan]

Aleksey Sanin wrote:

> Hi, Andrew!
>
> I got the new files but I think your forgot to attach diffs for 
> existing files.
> Because right now these are just standalone files and nobody uses them :)

I want to patch the branch step by step. If you agree that the new 
interfaces can take the place of "PK11_GetBestSlot" in other files. I'll 
modify them like pkikeys.c.  Because they're standalone files, so I 
think there is no diffs. :-)

Today, I'll patch other files and I'll provide the diffs. :-)

Many Thanks,
Andrew

>
> Aleksey
>
>
> Andrew Fan wrote:
>
>> Hi,
>>
>> This xmlsec-nss patch is based on the XMLSEC_NSS_030714 branch. It 
>> add two new files in order to support end-user designated PKCS#11 
>> slot instead of useing the default NSS built-in ones( 
>> PK11_GetBestSlot ).
>>
>> Why I add the new interfaces:
>> 1. NSS' function "PK11_GetBestSlot ", which will load all of the 
>> internal built-in slots or all of the actived pkcs11 module's slots;
>> 2. Some time, end user hopes that a certain crypto operation act in a 
>> certain crypto device, especially in multi-crypto-devices environment.
>> 3. Some time, a key generated from a certain slot, it only work in 
>> that slot( such as RSA private key ). PK11_GetBestSlot can not ensure 
>> this. In the case, end user can assign the specific slot with the new 
>> interface.
>>
>> Here's the usage of the interfaces:
>> 1. "xmlSecSetSlotList" is used to set the user designated slot list.
>> 2. "xmlSecFreeSlot" is used to destroy the slot list repository.
>> 3. When generate a new key, "xmlSecGetSlot" gives the user designated 
>> slot;
>> 4. If end user want to maintain the slot list repository, he can 
>> access the repository with "xmlSecGetSlotList".
>>
>> Andrew
>>
>>  
>>
>
>