Removed unused configuration option `zero_ckaid_for_ca_certs`

It was used to make pkcs11-tool work with vendor defined PKCS#11
modules. If this behavior is still desired, pass the define
ZERO_CKAID_FOR_CA_CERTS during the build

etc/opensc.conf.in

@@ -1101,14 +1101,6 @@ app opensc-pkcs11 {
 		# Default: false
 		# create_puk_slot = true;
 
-		# Report as 'zero' the CKA_ID attribute of CA certificate
-		# For the unknown reason the middleware of the manufacturer of gemalto (axalto, gemplus)
-		# card reports as '0' the CKA_ID of CA cartificates.
-		# Maybe someone else will need it. (Would be nice to know who and what for -- VTA)
-		#
-		# Default: false
-		# zero_ckaid_for_ca_certs = true;
-
 		# Symbolic names of PINs for which slots are created
 		# Card can contain more then one PINs or more then one on-card application with
 		#   its own PINs. Normally, to access all of them with the PKCS#11 API a slot has to be

src/pkcs11/framework-pkcs15.c

@@ -3334,14 +3334,15 @@ pkcs15_cert_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT
 		*(CK_CERTIFICATE_TYPE*)attr->pValue = CKC_X_509;
 		break;
 	case CKA_ID:
-		if (cert->cert_info->authority && sc_pkcs11_conf.zero_ckaid_for_ca_certs) {
+#ifdef ZERO_CKAID_FOR_CA_CERTS
+		if (cert->cert_info->authority) {
 			check_attribute_buffer(attr, 1);
 			*(unsigned char*)attr->pValue = 0;
+			break;
 		}
-		else {
-			check_attribute_buffer(attr, cert->cert_info->id.len);
-			memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len);
-		}
+#endif
+		check_attribute_buffer(attr, cert->cert_info->id.len);
+		memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len);
 		break;
 	case CKA_TRUSTED:
 		check_attribute_buffer(attr, sizeof(CK_BBOOL));

src/pkcs11/misc.c

@@ -458,7 +458,6 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
 	conf->init_sloppy = 1;
 	conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
 	conf->create_puk_slot = 0;
-	conf->zero_ckaid_for_ca_certs = 0;
 	conf->create_slots_flags = SC_PKCS11_SLOT_CREATE_ALL;
 
 	conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
@@ -484,7 +483,6 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
 		conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN;
 
 	conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", conf->create_puk_slot);
-	conf->zero_ckaid_for_ca_certs = scconf_get_bool(conf_block, "zero_ckaid_for_ca_certs", conf->zero_ckaid_for_ca_certs);
 
 	create_slots_for_pins = (char *)scconf_get_str(conf_block, "create_slots_for_pins", "all");
 	conf->create_slots_flags = 0;
@@ -503,8 +501,8 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
 
 	sc_log(ctx, "PKCS#11 options: max_virtual_slots=%d slots_per_card=%d "
 		 "hide_empty_tokens=%d lock_login=%d atomic=%d pin_unblock_style=%d "
-		 "zero_ckaid_for_ca_certs=%d create_slots_flags=0x%X",
+		 "create_slots_flags=0x%X",
 		 conf->max_virtual_slots, conf->slots_per_card,
 		 conf->hide_empty_tokens, conf->lock_login, conf->atomic, conf->pin_unblock_style,
-		 conf->zero_ckaid_for_ca_certs, conf->create_slots_flags);
+		 conf->create_slots_flags);
 }

src/pkcs11/sc-pkcs11.h

@@ -77,7 +77,6 @@ struct sc_pkcs11_config {
 	unsigned char init_sloppy;
 	unsigned int pin_unblock_style;
 	unsigned int create_puk_slot;
-	unsigned int zero_ckaid_for_ca_certs;
 	unsigned int create_slots_flags;
 	unsigned char ignore_pin_length;
 };