esteid: Do not set CKA_ALWAYS_AUTHENTICATE for the "Allkirjastamine" key

CKA_ALWAYS_AUTHENTICATE implies CKU_CONTEXT_SPECIFIC login, but all this
key really should need is a C_Login with CKU_USER.

The historical reason for having CKA_ALWAYS_AUTHENTICATE set was to keep
Firefox/NSS from using that particular key for SSL connections. However,
starting with Firefox 8, NSS ignores Non Repudiation certificates for
SSL and that makes the CKA_ALWAYS_AUTHENTICATE workaround unnecessary.

Now that Firefox is fixed, drop the workaround in OpenSC so that
applications that follow the pkcs11 spec wouldn't have to log in twice to
access the key.
Kalev Lember 2012-02-13 14:34:31 +02:00
parent 4e5ef8f1c9
commit 124d6e3a40
1 changed files with 1 additions and 1 deletions

@ -244,7 +244,7 @@ sc_pkcs15emu_esteid_init (sc_pkcs15_card_t * p15card)
strlcpy(prkey_obj.label, prkey_name[i], sizeof(prkey_obj.label));
prkey_obj.auth_id.len = 1;
prkey_obj.auth_id.value[0] = prkey_pin[i];
prkey_obj.user_consent = (i == 1) ? 1 : 0;
prkey_obj.user_consent = 0;
prkey_obj.flags = SC_PKCS15_CO_FLAG_PRIVATE;
r = sc_pkcs15emu_add_rsa_prkey(p15card, &prkey_obj, &prkey_info);
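
Review bot: at `prkey_obj.user_consent = 0;` the value is now identical for every index `i`, so nothing in the code records that index 1 (the signature key) used to be treated differently or why it no longer is. A one-line comment at that assignment would help, stating that the signature key deliberately does not request per-operation authentication because NSS ignores Non Repudiation certificates for SSL starting with Firefox 8. That is a dependency on client behaviour worth documenting next to the code: a consumer built on an older NSS would again be able to pick this key after a plain CKU_USER login, which is what the removed `(i == 1) ? 1 : 0` was guarding against. The key still gets its own `auth_id` from `prkey_pin[i]`, so the PIN assignment itself is untouched by this hunk.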