authorNikos Mavrogiannopoulos <nmav@gnutls.org>2012-01-23 20:04:04 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2012-03-01 17:45:33 +0100
commit5ee1b0f308645867813b625a01f5de8039fe4733 (patch)
tree19e7eb4bb5d244d25fbba4d660b487f3c2c62915
parent25e8f23cc4ab9e504cc4876e889f4515d2cf1f67 (diff)
Added gnutls_pkcs11_reinit().
Conflicts: NEWS doc/cha-cert-auth2.texi lib/libgnutls.map
-rw-r--r--NEWS6
-rw-r--r--configure.ac2
-rw-r--r--lib/includes/gnutls/pkcs11.h1
-rw-r--r--lib/libgnutls.map1
-rw-r--r--lib/pkcs11.c28
5 files changed, 36 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index a5c56c8451..a11f02b459 100644
--- a/NEWS
+++ b/NEWS
@@ -8,11 +8,15 @@ Version 2.12.17 (unreleased)
** libgnutls: Corrections in record packet parsing.
Reported by Matthew Hall.
+** libgnutls: Added function to force explicit reinitialization
+of PKCS #11 modules. This is required on the child process after
+a fork.
+
** libgnutls: PKCS #11 objects that do not have ID
no longer crash listing. Reported by Sven Geggus.
** API and ABI modifications:
-No changes since last version.
+gnutls_pkcs11_reinit: Added
Version 2.12.16 (released 2011-01-06)
diff --git a/configure.ac b/configure.ac
index aec1b1f970..49230d7e4e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -85,7 +85,7 @@ AC_ARG_WITH(p11-kit,
[Build without p11-kit and PKCS#11 support]))
AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no")
if test "$with_p11_kit" != "no"; then
- PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= 0.2])
+ PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= 0.11])
AC_DEFINE(ENABLE_PKCS11, 1, [Build PKCS#11 support])
CFLAGS="$CFLAGS $P11_KIT_CFLAGS"
LIBS="$LIBS $P11_KIT_LIBS"
diff --git a/lib/includes/gnutls/pkcs11.h b/lib/includes/gnutls/pkcs11.h
index 3f2387985a..f4284b7724 100644
--- a/lib/includes/gnutls/pkcs11.h
+++ b/lib/includes/gnutls/pkcs11.h
@@ -93,6 +93,7 @@ typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
*/
int gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file);
+int gnutls_pkcs11_reinit (void);
void gnutls_pkcs11_deinit (void);
void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
void *userdata);
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index bd61b62366..f14441bc5e 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -693,6 +693,7 @@ GNUTLS_2_12
gnutls_certificate_get_issuer;
gnutls_x509_crq_verify;
gnutls_global_set_time_function;
+ gnutls_pkcs11_reinit;
} GNUTLS_2_10;
GNUTLS_PRIVATE {
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index f4f64f702b..6fc55a2021 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -570,6 +570,34 @@ gnutls_pkcs11_init (unsigned int flags, const char *deprecated_config_file)
}
/**
+ * gnutls_pkcs11_reinit:
+ *
+ * This function will reinitialize the PKCS 11 subsystem in gnutls.
+ * This is required by PKCS 11 when an application uses fork(). The
+ * reinitialization function must be called on the child.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 3.0.0
+ **/
+int gnutls_pkcs11_reinit (void)
+{
+ int rv;
+
+ rv = p11_kit_initialize_registered ();
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("Cannot initialize registered module: %s\n",
+ p11_kit_strerror (rv));
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return 0;
+}
+
+/**
* gnutls_pkcs11_deinit:
*
* This function will deinitialize the PKCS 11 subsystem in gnutls.
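Review bot: The doc comment on `gnutls_pkcs11_reinit` says `Since: 3.0.0`, but this commit's NEWS entry (Version 2.12.17) and the `GNUTLS_2_12` node in lib/libgnutls.map introduce the function on the 2.12 branch, so the tag should probably read `* Since: 2.12.17` here. The comment tells callers only that the function must be called in the child; it should also state that PKCS #11 sessions and object handles obtained before fork() must not be assumed usable in the child and have to be reopened after this call, because a child that keeps using inherited token state is the situation the PKCS #11 fork rule is meant to rule out. Separately, `rv` is declared `int` although it holds a Cryptoki return code that is compared with `CKR_OK` and passed to `p11_kit_strerror`; declaring it with the PKCS #11 return type already used in this file would avoid narrowing an unsigned long. The function re-initializes registered modules only; whether providers loaded by other means need the same treatment cannot be judged from this hunk.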