pkcs11: configuration option to report as zero the CKA_ID of CA certificates
In fact, the middleware from the manufacturer of the gemalto (axalto, gemplus) cards reports the CKA_ID of CA certificates as '0'. This is not the case for other middleware (Oberthur), for NSS (as far as I can see), or for the PKCS#11 standard. git-svn-id: https://www.opensc-project.org/svnp/opensc/trunk@4095 c6295689-39f2-0310-b995-f0e70906c6a9
parent
54d2b20fe2
commit
e47baeaf9e
|
@ -2009,9 +2009,8 @@ static CK_RV pkcs15_cert_get_attribute(struct sc_pkcs11_session *session,
|
|||
*(CK_CERTIFICATE_TYPE*)attr->pValue = CKC_X_509;
|
||||
break;
|
||||
case CKA_ID:
|
||||
/* Not sure why CA certs should be reported with an
|
||||
* ID of 00. --okir 20030413 */
|
||||
if (cert->cert_info->authority) {
|
||||
if (cert->cert_info->authority
|
||||
&& sc_pkcs11_conf.zero_ckaid_for_ca_certs) {
|
||||
check_attribute_buffer(attr, 1);
|
||||
*(unsigned char*)attr->pValue = 0;
|
||||
} else {
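Review bot: The new condition `if (cert->cert_info->authority && sc_pkcs11_conf.zero_ckaid_for_ca_certs)` has no comment explaining the special case, because the old "Not sure why..." comment is removed and nothing replaces it. The commit message gives the reason, and it belongs next to the code, for example `/* Vendor middleware for gemalto cards reports CKA_ID 0 for CA certs; mimic that only when zero_ckaid_for_ca_certs is set. */`. The one-byte write through `attr->pValue` depends on `check_attribute_buffer(attr, 1)` rejecting a missing or too-small buffer; it presumably does, but its definition is not visible here. The `case CKA_ID:` body continues past the end of the hunk.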
|
||||
|
|
|
@ -261,6 +261,7 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
|||
conf->soft_keygen_allowed = 0;
|
||||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_NOT_ALLOWED;
|
||||
conf->create_puk_slot = 0;
|
||||
conf->zero_ckaid_for_ca_certs = 0;
|
||||
|
||||
conf_block = sc_get_conf_block(ctx, "pkcs11", NULL, 1);
|
||||
if (!conf_block)
|
||||
|
@ -285,9 +286,11 @@ void load_pkcs11_parameters(struct sc_pkcs11_config *conf, sc_context_t * ctx)
|
|||
conf->pin_unblock_style = SC_PKCS11_PIN_UNBLOCK_SO_LOGGED_INITPIN;
|
||||
|
||||
conf->create_puk_slot = scconf_get_bool(conf_block, "create_puk_slot", conf->create_puk_slot);
|
||||
conf->zero_ckaid_for_ca_certs = scconf_get_bool(conf_block, "zero_ckaid_for_ca_certs", conf->zero_ckaid_for_ca_certs);
|
||||
|
||||
sc_debug(ctx, "PKCS#11 options: plug_and_play=%d max_virtual_slots=%d slots_per_card=%d "
|
||||
"hide_empty_tokens=%d lock_login=%d pin_unblock_style=%d",
|
||||
"hide_empty_tokens=%d lock_login=%d pin_unblock_style=%d zero_ckaid_for_ca_certs=%d",
|
||||
conf->plug_and_play, conf->max_virtual_slots, conf->slots_per_card,
|
||||
conf->hide_empty_tokens, conf->lock_login, conf->pin_unblock_style);
|
||||
conf->hide_empty_tokens, conf->lock_login, conf->pin_unblock_style,
|
||||
conf->zero_ckaid_for_ca_certs);
|
||||
}
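Review bot: The default `conf->zero_ckaid_for_ca_certs = 0;` changes what existing installations report. The first hunk on this page shows that CA certificates previously always got a one-byte zero CKA_ID, and now they get it only when the option is enabled. Consumers that pair certificates with keys by CKA_ID will see different values after an upgrade, so the option and its default should be described in the sample configuration, which is not visible on this page. In the `sc_debug` call, `pin_unblock_style` and `zero_ckaid_for_ca_certs` are declared `unsigned int` in the struct hunk, so `pin_unblock_style=%u zero_ckaid_for_ca_certs=%u` would match the argument types. The same log line could also report `create_puk_slot`, which is parsed just above but not printed.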
|
||||
|
|
|
@ -80,6 +80,7 @@ struct sc_pkcs11_config {
|
|||
unsigned char soft_keygen_allowed;
|
||||
unsigned int pin_unblock_style;
|
||||
unsigned int create_puk_slot;
|
||||
unsigned int zero_ckaid_for_ca_certs;
|
||||
};
|
||||
|
||||
/*
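Review bot: The new field `zero_ckaid_for_ca_certs` has no comment saying what a non-zero value does, and the name alone does not convey that the reported ID becomes a single zero byte. A trailing comment would cover it: `unsigned int zero_ckaid_for_ca_certs; /* non-zero: report CKA_ID of CA certificates as one 0x00 byte */`. The struct definition begins outside this hunk.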
|
||||
|
|