pkcs11: configuration option to report as zero the CKA_ID of CA certificates
In fact, the middleware from the manufacturer of the gemalto (axalto, gemplus) cards reports the CKA_ID of CA certificates as '0'. But this is not true of the other middlewares (Oberthur), of NSS (afais), or of the PKCS#11 standard. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4095 c6295689-39f2-0310-b995-f0e70906c6a9
parent
54d2b20fe2
commit
e47baeaf9e
|
@ -2009,9 +2009,8 @@ static CK_RV pkcs15_cert_get_attribute(struct sc_pkcs11_session *session,
|
||||||
*(CK_CERTIFICATE_TYPE*)attr->pValue = CKC_X_509;
|
*(CK_CERTIFICATE_TYPE*)attr->pValue = CKC_X_509;
|
||||||
break;
|
break;
|
||||||
case CKA_ID:
|
case CKA_ID:
|
||||||
/* Not sure why CA certs should be reported with an
|
if (cert->cert_info->authority
|
||||||
* ID of 00. --okir 20030413 */
|
&& sc_pkcs11_conf.zero_ckaid_for_ca_certs) {
|
||||||
if (cert->cert_info->authority) {
|
|
||||||
check_attribute_buffer(attr, 1);
|
check_attribute_buffer(attr, 1);
|
||||||
*(unsigned char*)attr->pValue = 0;
|
*(unsigned char*)attr->pValue = 0;
|
||||||
} else {
|
} else {
|
||||||
|
|
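Review bot: The `case CKA_ID:` branch loses its only explanatory comment, and nothing on the new side says why `sc_pkcs11_conf.zero_ckaid_for_ca_certs` gates the zero ID. I would put a replacement above the `if`, for example `/* Some vendor middleware reports the CKA_ID of CA certificates as a single 0x00 byte; mimic that only when zero_ckaid_for_ca_certs is set. */`. The comment should also say that with the option on, every CA certificate returns the same one-byte ID, so a caller that pairs certificates and keys by CKA_ID cannot tell CA certificates apart. The `else` branch and the rest of pkcs15_cert_get_attribute lie outside the hunk, so the ID returned when the option is off is not visible here.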
|
@ -261,6 +261,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
||||||
conf->soft_keygen_allowed = 0;
|
conf->soft_keygen_allowed = 0;
|
||||||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
|
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
|
||||||
conf->create_puk_slot = 0;
|
conf->create_puk_slot = 0;
|
||||||
|
conf->zero_ckaid_for_ca_certs = 0;
|
||||||
|
|
||||||
conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
|
conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
|
||||||
if (!conf_block)
|
if (!conf_block)
|
||||||
|
@ -285,9 +286,11 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
||||||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN;
|
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN;
|
||||||
|
|
||||||
conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", conf->create_puk_slot);
|
conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", conf->create_puk_slot);
|
||||||
|
conf->zero_ckaid_for_ca_certs = scconf_get_bool(conf_block, "zero_ckaid_for_ca_certs", conf->zero_ckaid_for_ca_certs);
|
||||||
|
|
||||||
sc_debug(ctx, "PKCS#11 options: plug_and_play=%d max_virtual_slots=%d slots_per_card=%d "
|
sc_debug(ctx, "PKCS#11 options: plug_and_play=%d max_virtual_slots=%d slots_per_card=%d "
|
||||||
"hide_empty_tokens=%d lock_login=%d pin_unblock_style=%d",
|
"hide_empty_tokens=%d lock_login=%d pin_unblock_style=%d zero_ckaid_for_ca_certs=%d",
|
||||||
conf->plug_and_play, conf->max_virtual_slots, conf->slots_per_card,
|
conf->plug_and_play, conf->max_virtual_slots, conf->slots_per_card,
|
||||||
conf->hide_empty_tokens, conf->lock_login, conf->pin_unblock_style);
|
conf->hide_empty_tokens, conf->lock_login, conf->pin_unblock_style,
|
||||||
|
conf->zero_ckaid_for_ca_certs);
|
||||||
}
|
}
|
||||||
|
|
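Review bot: The default `conf->zero_ckaid_for_ca_certs = 0;` in the first hunk appears to reverse the module's earlier behaviour, and nothing marks that. Judging by the certificate-attribute change in this commit, CA certificates were previously always reported with a zero CKA_ID, so after an upgrade applications see a different ID unless the option is set. I would record that at the default, for example `/* off by default: CA certs report their real CKA_ID; set to 1 to restore the former single zero byte */`. The sample configuration is not visible on this page, so confirm it describes the `zero_ckaid_for_ca_certs` key as well. The start of load_pkcs11_parameters is outside both hunks.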
|
@ -80,6 +80,7 @@ struct sc_pkcs11_config {
|
||||||
unsigned char soft_keygen_allowed;
|
unsigned char soft_keygen_allowed;
|
||||||
unsigned int pin_unblock_style;
|
unsigned int pin_unblock_style;
|
||||||
unsigned int create_puk_slot;
|
unsigned int create_puk_slot;
|
||||||
|
unsigned int zero_ckaid_for_ca_certs;
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|