esteid: Do not set CKA_ALWAYS_AUTHENTICATE for the "Allkirjastamine" key
CKA_ALWAYS_AUTHENTICATE implies CKU_CONTEXT_SPECIFIC login, but all this key really should need is a C_Login with CKU_USER. The historical reason for having CKA_ALWAYS_AUTHENTICATE set was to keep Firefox/NSS from using that particular key for SSL connections. However, starting with Firefox 8, NSS ignores Non Repudiation certificates for SSL and that makes the CKA_ALWAYS_AUTHENTICATE workaround unnecessary. Now that Firefox is fixed, drop the workaround in OpenSC so that applications that follow the pkcs11 spec wouldn't have to login twice to access the key.
This commit is contained in:
parent
4e5ef8f1c9
commit
124d6e3a40
|
@ -244,7 +244,7 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
|
|||
strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label));
|
||||
prkey_obj.auth_id.len = 1;
|
||||
prkey_obj.auth_id.value[0] = prkey_pin[i];
|
||||
prkey_obj.user_consent = (i == 1) ? 1 : 0;
|
||||
prkey_obj.user_consent = 0;
|
||||
prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;
|
||||
|
||||
r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info);
|
||||
|
|
Loading…
Reference in New Issue