GSoC Report #2 – Certificate Fetching PKCS#11 module

Last week I had some slack from college classes / projects and I could get some work done.


Compiling the module obviously needs to be easy, so adding autotools was mandatory. Despite having used configure, make, make install commands several times, I have never added autotools into a project.
After some work the project compiles using autootols, it certainly needs some improving, but now is not the time. I had other concerns at that time…

Fetching Contacts

The way the contacts would be accessed from the PKCS#11 module was still uncertain to me. My mentor, David Woodhouse, said that I could run into access control issues, so I was eager to know if there would be trouble.

Using the interface provided by libebook.h I built an application that asked Evolution for contacts, actually, it was very straight forward to do it. ;)
Having learnt the way of getting contacts’ data, I mimicked the logic into the PKCS#11 module.

Now I needed to test the module’s new capability, but I wanted to have more control than simply loading it into NSS and reading debug logs.
So I wrote another test application, which loads the PKCS#11 module and calls for PKCS#11 methods.
Well, this application can successfully fetch X509 certificates from a contact in Evolution address book! yey!

So, I happily rushed to load the module into NSS to see that it…Hangs, and NSS doesn’t even get to load the module.
It is hanging on its initialization, while asking for Evolution’s source registry. Looks like it’s having problems with DBus and waiting on a pthread_cond_wait(). Hopefully I’ll get through this quickly.

Progress and schedule 

Surely there are some edges to round up but I am pretty much satisfied with the progress till now.
But rough June is not done yet, and I still have an exam to go through.

What comes next

I’ll focus on finishing the fetching and handling of certificates.
After that I’ll go on to implement module internals like proper session object management.

July looks promising, with more time to work on GSoC, vacations, and  I could not not forget to mention that I’ll be attending GUADEC.

Lots of thanks to GNOME Foundation for helping me attend the conference by sponsoring me.

Gnome Sponsored




One thought on “GSoC Report #2 – Certificate Fetching PKCS#11 module

  1. It’s possible that NSS locks down the environment for loaded modules by removing any environment variables it doesn’t understand. Try printing the value of the ‘environ’ variable and see if DBUS_SESSION_BUS_ADDRESS is present.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s