diff --git a/etc/opensc.conf.in b/etc/opensc.conf.in index 98adee06..e5afe834 100644 --- a/etc/opensc.conf.in +++ b/etc/opensc.conf.in @@ -1101,14 +1101,6 @@ app opensc-pkcs11 { # Default: false # create_puk_slot = true; - # Report as 'zero' the CKA_ID attribute of CA certificate - # For the unknown reason the middleware of the manufacturer of gemalto (axalto, gemplus) - # card reports as '0' the CKA_ID of CA cartificates. - # Maybe someone else will need it. (Would be nice to know who and what for -- VTA) - # - # Default: false - # zero_ckaid_for_ca_certs = true; - # Symbolic names of PINs for which slots are created # Card can contain more then one PINs or more then one on-card application with # its own PINs. Normally, to access all of them with the PKCS#11 API a slot has to be diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c index abc59d14..167e0081 100644 --- a/src/pkcs11/framework-pkcs15.c +++ b/src/pkcs11/framework-pkcs15.c @@ -3334,14 +3334,15 @@ pkcs15_cert_get_attribute(struct sc_pkcs11_session *session, void *object, CK_AT *(CK_CERTIFICATE_TYPE*)attr->pValue = CKC_X_509; break; case CKA_ID: - if (cert->cert_info->authority && sc_pkcs11_conf.zero_ckaid_for_ca_certs) { +#ifdef ZERO_CKAID_FOR_CA_CERTS + if (cert->cert_info->authority) { check_attribute_buffer(attr, 1); *(unsigned char*)attr->pValue = 0; + break; } - else { - check_attribute_buffer(attr, cert->cert_info->id.len); - memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len); - } +#endif + check_attribute_buffer(attr, cert->cert_info->id.len); + memcpy(attr->pValue, cert->cert_info->id.value, cert->cert_info->id.len); break; case CKA_TRUSTED: check_attribute_buffer(attr, sizeof(CK_BBOOL)); diff --git a/src/pkcs11/misc.c b/src/pkcs11/misc.c index 17ab2cdd..bb319771 100644 --- a/src/pkcs11/misc.c +++ b/src/pkcs11/misc.c 
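Review bot: `ZERO_CKAID_FOR_CA_CERTS` in the `CKA_ID` case of pkcs15_cert_get_attribute is not defined or documented anywhere in this diff, so the zero-ID branch is compiled out by default, and an existing opensc.conf that still sets `zero_ckaid_for_ca_certs = true` is presumably ignored without any message. On such installations the CKA_ID reported for CA certificates changes from a single zero byte to the real certificate ID, which matters to applications that pair certificates and keys by CKA_ID. I would put a comment above the `#ifdef`, e.g. `/* Define ZERO_CKAID_FOR_CA_CERTS at build time to report the CKA_ID of CA certificates as a single zero byte; replaces the removed zero_ckaid_for_ca_certs option in opensc.conf. */`, and mention the removed option in the release notes. The function starts and ends outside the hunk.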
@@ -458,7 +458,6 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx) conf->init_sloppy = 1; conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED; conf->create_puk_slot = 0; - conf->zero_ckaid_for_ca_certs = 0; conf->create_slots_flags = SC_PKCS11_SLOT_CREATE_ALL; conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1); @@ -484,7 +483,6 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx) conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN; conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", conf->create_puk_slot); - conf->zero_ckaid_for_ca_certs = scconf_get_bool(conf_block, "zero_ckaid_for_ca_certs", conf->zero_ckaid_for_ca_certs); create_slots_for_pins = (char *)scconf_get_str(conf_block, "create_slots_for_pins", "all"); conf->create_slots_flags = 0; @@ -503,8 +501,8 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx) sc_log(ctx, "PKCS#11 options: max_virtual_slots=%d slots_per_card=%d " "hide_empty_tokens=%d lock_login=%d atomic=%d pin_unblock_style=%d " - "zero_ckaid_for_ca_certs=%d create_slots_flags=0x%X", + "create_slots_flags=0x%X", conf->max_virtual_slots, conf->slots_per_card, conf->hide_empty_tokens, conf->lock_login, conf->atomic, conf->pin_unblock_style, - conf->zero_ckaid_for_ca_certs, conf->create_slots_flags); + conf->create_slots_flags); } diff --git a/src/pkcs11/sc-pkcs11.h b/src/pkcs11/sc-pkcs11.h index bb59b079..c023ee86 100644 --- a/src/pkcs11/sc-pkcs11.h +++ b/src/pkcs11/sc-pkcs11.h @@ -77,7 +77,6 @@ struct sc_pkcs11_config { unsigned char init_sloppy; unsigned int pin_unblock_style; unsigned int create_puk_slot; - unsigned int zero_ckaid_for_ca_certs; unsigned int create_slots_flags; unsigned char ignore_pin_length; };