On Tue, Jul 18, 2017 at 3:22 PM, Rick van Rein <[email protected]> wrote:
> Hello Nikos,
>
> As you know, I am building a TLS Pool which separates applications from
> TLS security. I have requests to make this into a multi-tenant process,
> so it could run on a client machine and service each client without
> interference.
>
> https://github.com/arpa2/tlspool/issues/36
>
> This is a nettly request, but most things are now starting to resolve.
> One thing that may be blocking it, is the fact that GnuTLS has a global
> setup for PKCS #11, including the available tokens and their PINs. Is
> that correct, or is there a way to get around this?

Could you describe the ideal situation of handling smart cards for the use
case above? The situation in gnutls is that pkcs11 shared modules are loaded
globally, pins etc are cached/used per private key, operation.

> I do realise that GnuTLS is a library, and was not designed with a
> multi-tenant mindset. So if this is the stopper of the multi-tenancy
> show then that does not indicate to me that GnuTLS is bad :) just that a
> multi-tenant TLS Pool would be stretching it too far.

Note that PKCS#11 utilizes global state per process and it may not be
possible to have various modules loaded by different parts of the process
without co-ordination.

regards,
Nikos

_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
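The exchange above boils down to two facts: PKCS#11 module loading is process-global, while PIN handling can be attached per private key. The following C model, added here as an illustration and not code from GnuTLS or the TLS Pool project, shows how a multi-tenant pool can live with that split: a reference-counted provider table so two tenants share a single module load instead of each initialising it, and a PIN callback whose userdata is the tenant, so a PIN request raised by one tenant's key is answered only from that tenant's secrets. Only the callback signature mirrors GnuTLS's gnutls_pin_callback_t; the pool, tenant and key structures, the module path, token URLs and PINs are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as gnutls_pin_callback_t from <gnutls/pkcs11.h>; everything
 * else in this file is a constructed model, not GnuTLS code. */
typedef int (*pin_callback_t)(void *userdata, int attempt,
                              const char *token_url, const char *token_label,
                              unsigned int flags, char *pin, size_t pin_max);

#define MAX_MODULES 8
#define PATH_LEN 128

/* Process-global provider table. A PKCS#11 module is initialised once per
 * process, so tenants must share one load and reference count it. */
struct provider { char path[PATH_LEN]; int refcount; };
static struct provider g_providers[MAX_MODULES];
static int g_provider_count;

/* Register a provider on behalf of a tenant. Returns the refcount after the
 * call (1 = freshly loaded, >1 = shared with other tenants), -1 on error. */
int pool_add_provider(const char *path)
{
    if (strlen(path) >= PATH_LEN)
        return -1;
    for (int i = 0; i < g_provider_count; i++)
        if (strcmp(g_providers[i].path, path) == 0)
            return ++g_providers[i].refcount;
    if (g_provider_count == MAX_MODULES)
        return -1;
    strcpy(g_providers[g_provider_count].path, path);
    g_providers[g_provider_count].refcount = 1;
    return g_providers[g_provider_count++].refcount;
}

/* Drop one tenant's reference. Returns the remaining refcount (0 means the
 * module may now really be finalised), or -1 if it was never loaded. */
int pool_remove_provider(const char *path)
{
    for (int i = 0; i < g_provider_count; i++) {
        if (strcmp(g_providers[i].path, path) != 0)
            continue;
        if (g_providers[i].refcount > 0)
            g_providers[i].refcount--;
        return g_providers[i].refcount;
    }
    return -1;
}

/* Per-tenant PIN context, handed to the callback as userdata. */
struct tenant {
    const char *name;
    const char *token_url;  /* the only token this tenant may unlock */
    const char *pin;        /* constructed sample PIN */
};

/* Returns 0 with the PIN copied out, or -1 to refuse (GnuTLS expects 0 on
 * success or a negative error code from its PIN callback). */
static int tenant_pin_cb(void *userdata, int attempt, const char *token_url,
                         const char *token_label, unsigned int flags,
                         char *pin, size_t pin_max)
{
    const struct tenant *t = userdata;
    (void)token_label;
    (void)flags;
    /* attempt > 0: a previous PIN was rejected. Do not keep feeding a stored
     * PIN back in, or the token may lock after too many failures. */
    if (attempt > 0)
        return -1;
    /* Never answer for a token that belongs to another tenant. */
    if (token_url == NULL || strcmp(token_url, t->token_url) != 0)
        return -1;
    if (strlen(t->pin) >= pin_max)
        return -1;
    strcpy(pin, t->pin);
    return 0;
}

/* Model of a private key carrying its own PIN hook, the way a per-key PIN
 * function is attached in the real library. */
struct privkey { const char *token_url; pin_callback_t pin_cb; void *userdata; };

/* Simulated key operation: the "library" asks the key's callback for a PIN. */
int privkey_unlock(const struct privkey *k, int attempt, char *pin_out, size_t pin_max)
{
    return k->pin_cb(k->userdata, attempt, k->token_url, "sample-token", 0,
                     pin_out, pin_max);
}

/* Two tenants share one provider but hold separate tokens and PINs.
 * Returns the number of checks that behaved as intended (7 when all pass). */
int run_scenario(void)
{
    const char *module = "/usr/lib/pkcs11/example-module.so"; /* constructed */
    struct tenant alice = { "alice", "pkcs11:token=alice-card", "1234" };
    struct tenant bob   = { "bob",   "pkcs11:token=bob-card",   "9876" };
    struct privkey alice_key = { alice.token_url, tenant_pin_cb, &alice };
    struct privkey bob_key   = { bob.token_url,   tenant_pin_cb, &bob };
    struct privkey mixed_key = { bob.token_url,   tenant_pin_cb, &alice }; /* wrong tenant */
    char pin[16];
    int ok = 0;

    ok += (pool_add_provider(module) == 1);  /* first tenant loads the module */
    ok += (pool_add_provider(module) == 2);  /* second tenant shares the load */
    ok += (privkey_unlock(&alice_key, 0, pin, sizeof pin) == 0 && strcmp(pin, "1234") == 0);
    ok += (privkey_unlock(&bob_key,   0, pin, sizeof pin) == 0 && strcmp(pin, "9876") == 0);
    ok += (privkey_unlock(&mixed_key, 0, pin, sizeof pin) == -1);  /* cross-tenant refused */
    ok += (privkey_unlock(&alice_key, 1, pin, sizeof pin) == -1);  /* no blind retry */
    pool_remove_provider(module);
    ok += (pool_remove_provider(module) == 0);  /* last reference gone */
    return ok;
}

int main(void)
{
    printf("%d/7 checks passed\n", run_scenario());
    return 0;
}
```

In the real library the per-key hook is gnutls_privkey_set_pin_function() and the process-wide one is gnutls_pkcs11_set_pin_function(); gnutls_pkcs11_add_provider() loads a module for the whole process, which is the global state Nikos refers to, so the coordination shown in the provider table has to live in the pool itself.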
