Removed unused configuration option `zero_ckaid_for_ca_certs`
It was used to make pkcs11-tool work with vendor defined PKCS#11 modules. If this behavior is still desired, pass the define ZERO_CKAID_FOR_CA_CERTS during the build
This commit is contained in:
parent
d11e05fe1f
commit
078e99fdca
|
@ -1101,14 +1101,6 @@ app opensc-pkcs11 {
|
|||
# Default: false
|
||||
# create_puk_slot = true;
|
||||
|
||||
# Report as 'zero' the CKA_ID attribute of CA certificate
|
||||
# For the unknown reason the middleware of the manufacturer of gemalto (axalto, gemplus)
|
||||
# card reports as '0' the CKA_ID of CA cartificates.
|
||||
# Maybe someone else will need it. (Would be nice to know who and what for -- VTA)
|
||||
#
|
||||
# Default: false
|
||||
# zero_ckaid_for_ca_certs = true;
|
||||
|
||||
# Symbolic names of PINs for which slots are created
|
||||
# Card can contain more then one PINs or more then one on-card application with
|
||||
# its own PINs. Normally, to access all of them with the PKCS#11 API a slot has to be
|
||||
|
|
|
@ -3334,14 +3334,15 @@ pkcs15_cert_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT
|
|||
*(CK_CERTIFICATE_TYPE*)attr->pValue = CKC_X_509;
|
||||
break;
|
||||
case CKA_ID:
|
||||
if (cert->cert_info->authority && sc_pkcs11_conf.zero_ckaid_for_ca_certs) {
|
||||
#ifdef ZERO_CKAID_FOR_CA_CERTS
|
||||
if (cert->cert_info->authority) {
|
||||
check_attribute_buffer(attr, 1);
|
||||
*(unsigned char*)attr->pValue = 0;
|
||||
break;
|
||||
}
|
||||
else {
|
||||
check_attribute_buffer(attr, cert->cert_info->id.len);
|
||||
memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len);
|
||||
}
|
||||
#endif
|
||||
check_attribute_buffer(attr, cert->cert_info->id.len);
|
||||
memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len);
|
||||
break;
|
||||
case CKA_TRUSTED:
|
||||
check_attribute_buffer(attr, sizeof(CK_BBOOL));
|
||||
|
|
|
@ -458,7 +458,6 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
|||
conf->init_sloppy = 1;
|
||||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
|
||||
conf->create_puk_slot = 0;
|
||||
conf->zero_ckaid_for_ca_certs = 0;
|
||||
conf->create_slots_flags = SC_PKCS11_SLOT_CREATE_ALL;
|
||||
|
||||
conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
|
||||
|
@ -484,7 +483,6 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
|||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN;
|
||||
|
||||
conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", conf->create_puk_slot);
|
||||
conf->zero_ckaid_for_ca_certs = scconf_get_bool(conf_block, "zero_ckaid_for_ca_certs", conf->zero_ckaid_for_ca_certs);
|
||||
|
||||
create_slots_for_pins = (char *)scconf_get_str(conf_block, "create_slots_for_pins", "all");
|
||||
conf->create_slots_flags = 0;
|
||||
|
@ -503,8 +501,8 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
|||
|
||||
sc_log(ctx, "PKCS#11 options: max_virtual_slots=%d slots_per_card=%d "
|
||||
"hide_empty_tokens=%d lock_login=%d atomic=%d pin_unblock_style=%d "
|
||||
"zero_ckaid_for_ca_certs=%d create_slots_flags=0x%X",
|
||||
"create_slots_flags=0x%X",
|
||||
conf->max_virtual_slots, conf->slots_per_card,
|
||||
conf->hide_empty_tokens, conf->lock_login, conf->atomic, conf->pin_unblock_style,
|
||||
conf->zero_ckaid_for_ca_certs, conf->create_slots_flags);
|
||||
conf->create_slots_flags);
|
||||
}
|
||||
|
|
|
@ -77,7 +77,6 @@ struct sc_pkcs11_config {
|
|||
unsigned char init_sloppy;
|
||||
unsigned int pin_unblock_style;
|
||||
unsigned int create_puk_slot;
|
||||
unsigned int zero_ckaid_for_ca_certs;
|
||||
unsigned int create_slots_flags;
|
||||
unsigned char ignore_pin_length;
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue