author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-06-17 20:31:58 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-06-17 20:39:25 +0200 |
commit | 3da801fa9301088a7bdc470e8f2a40f14199fdee (patch) | |
tree | 6a0f23f0c03eb69050d809dabb473a5f52a8af07 | |
parent | 27a424cf6668b61c8c92ed88d5331b3010be3374 (diff) | |
download | gnutls-3da801fa9301088a7bdc470e8f2a40f14199fdee.tar.gz |
When writing an object with CKA_TRUSTED, set CKA_PRIVATE explicitly to FALSE to allow the SO to write it. Reported by Rickard Bellgrim.
-rw-r--r-- | lib/pkcs11_write.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 15ed1322a6..3083faf8e0 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -54,11 +54,12 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
 size_t der_size, id_size;
 opaque *der = NULL;
 opaque id[20];
- struct ck_attribute a[10];
+ struct ck_attribute a[16];
 ck_object_class_t class = CKO_CERTIFICATE;
 ck_certificate_type_t type = CKC_X_509;
 ck_object_handle_t obj;
 ck_bool_t tval = 1;
+ ck_bool_t fval = 0;
 int a_val;
 gnutls_datum_t subject = { NULL, 0 };
@@ -142,6 +143,7 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
 a[a_val].value_len = subject.size;
 a_val++;
+
 if (label)
 {
 a[a_val].type = CKA_LABEL;
@@ -156,6 +158,11 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
 a[a_val].value = &tval;
 a[a_val].value_len = sizeof (tval);
 a_val++;
+
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = &fval;
+ a[a_val].value_len = sizeof(fval);
+ a_val++;
 }
 rv = pkcs11_create_object (module, pks, a, a_val, &obj); |
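Review bot: The capacity in `struct ck_attribute a[16];` is still a bare number that nothing in the first hunk ties to the `a[a_val]` writes that fill it. The next attribute added to gnutls_pkcs11_copy_x509_crt could therefore run past this stack array without any compiler or runtime signal. The function body lies mostly outside the hunks, so how many entries can be filled in the worst case cannot be counted from here. I would add a comment on the declaration, `/* must cover every a[a_val] entry filled below, including the optional ones */`, and a debug check just before the create call, `assert (a_val <= (int) (sizeof (a) / sizeof (a[0])));`.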
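Review bot: The reason CKA_PRIVATE is forced to FALSE in the third hunk exists only in the commit message, so the new lines should carry a comment such as `/* a trusted object is written by the SO: mark it explicitly public so the SO session may create it */`. The assignment sits inside the branch closed by the `}` that follows, whose condition is outside the hunk. Objects written without the trusted flag therefore keep whatever CKA_PRIVATE default the token applies, and that difference is worth stating in the function's documentation so callers know when a stored certificate is readable without login. As a small style point, `sizeof(fval)` should follow the spacing of the neighbouring `sizeof (tval)`.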