authorNikos Mavrogiannopoulos <nmav@gnutls.org>2011-06-17 20:31:58 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2011-06-17 20:31:58 +0200
commitf6010587f6f766199849eb58d95a5148ad5ce79f (patch)
tree6581997f64c1c9ec8840c2f8115b9264e3433c0d
parentf750c4949f085735e840e065a8eec7a42d7190c8 (diff)
downloadgnutls-f6010587f6f766199849eb58d95a5148ad5ce79f.tar.gz
When writing an object with CKA_TRUSTED, set CKA_PRIVATE explicitly to FALSE to allow the SO to write it. Reported by Rickard Bellgrim.
-rw-r--r--lib/pkcs11_write.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index e9b5f404ce..823b715e25 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -53,11 +53,12 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
size_t der_size, id_size;
opaque *der = NULL;
opaque id[20];
- struct ck_attribute a[10];
+ struct ck_attribute a[16];
ck_object_class_t class = CKO_CERTIFICATE;
ck_certificate_type_t type = CKC_X_509;
ck_object_handle_t obj;
ck_bool_t tval = 1;
+ ck_bool_t fval = 0;
int a_val;
gnutls_datum_t subject = { NULL, 0 };
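Review bot: The new bound in `struct ck_attribute a[16];` is still a bare constant, and nothing in the visible lines ties `a_val` to it, so a later change that appends one more attribute could write past the array without any diagnostic. A guard comparing `a_val` with `sizeof (a) / sizeof (a[0])` before the `pakchois_create_object` call in the last hunk, or a named constant for the size, would make the limit explicit. The function body starts and ends outside this hunk, so the total number of attributes it can append cannot be confirmed from here.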
@@ -139,6 +140,7 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
a[a_val].value_len = subject.size;
a_val++;
+
if (label)
{
a[a_val].type = CKA_LABEL;
@@ -153,6 +155,11 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
a[a_val].value = &tval;
a[a_val].value_len = sizeof (tval);
a_val++;
+
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = &fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
}
rv = pakchois_create_object (pks, a, a_val, &obj);
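Review bot: The added `CKA_PRIVATE` block has no comment saying why the attribute is forced to false; the reason is given only in the commit message. A comment such as `/* CKA_TRUSTED is written in an SO session, which cannot create private objects, so mark the object public explicitly */` above `a[a_val].type = CKA_PRIVATE;` would keep a later reader from removing it. It would also record that the trusted certificate becomes readable without a user login, which looks intended for a trust anchor but should be confirmed. `sizeof(fval)` also departs from the `sizeof (tval)` spacing used a few lines earlier; the enclosing `if` block and the function start outside the hunk.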