authorNikos Mavrogiannopoulos <nmav@redhat.com>2015-10-15 16:21:43 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2015-10-15 17:24:51 +0200
commit532d13c85d0c5280149b3fbd7c73c3e663271870 (patch)
treedfbbda367709505fbd8fa0c6b6b042b685ac5379
parentdf1f2778b2e81c170c3773c2d4ac53afeaf2777e (diff)
downloadgnutls-532d13c85d0c5280149b3fbd7c73c3e663271870.tar.gz
pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate
That allows NSS to read and use the written certificate. Resolves #43
-rw-r--r--lib/pkcs11_write.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 8dd94c4658..b8d1d6c83b 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -52,10 +52,11 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url,
int ret;
struct p11_kit_uri *info = NULL;
ck_rv_t rv;
- size_t der_size, id_size;
+ size_t der_size, id_size, serial_size;
uint8_t *der = NULL;
+ uint8_t serial[128];
uint8_t id[20];
- struct ck_attribute a[16];
+ struct ck_attribute a[24];
ck_object_class_t class = CKO_CERTIFICATE;
ck_certificate_type_t type = CKC_X_509;
ck_object_handle_t obj;
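Review bot: Nothing visible in this hunk ties the number of attributes written to the size of `a`, which is a bare `24` that every later `a[a_val]` write silently depends on. The second hunk adds up to two more `a_val++` steps, and the rest of gnutls_pkcs11_copy_x509_crt lies outside the hunk, so the total slot count cannot be confirmed from here. A comment on the declaration such as `/* must hold every attribute set below; grow this when adding one */` would document the coupling. A check like `assert(a_val < sizeof(a) / sizeof(a[0]));` before the template is passed to the token would turn a future miscount into a visible failure rather than a stack overwrite.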
@@ -144,6 +145,19 @@ gnutls_pkcs11_copy_x509_crt(const char *token_url,
a[a_val].value_len = crt->raw_dn.size;
a_val++;
+ a[a_val].type = CKA_ISSUER;
+ a[a_val].value = crt->raw_issuer_dn.data;
+ a[a_val].value_len = crt->raw_issuer_dn.size;
+ a_val++;
+
+ serial_size = sizeof(serial);
+ if (gnutls_x509_crt_get_serial(crt, serial, &serial_size) >= 0) {
+ a[a_val].type = CKA_SERIAL_NUMBER;
+ a[a_val].value = (void *) serial;
+ a[a_val].value_len = serial_size;
+ a_val++;
+ }
+
if (label) {
a[a_val].type = CKA_LABEL;
a[a_val].value = (void *) label;
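Review bot: The `CKA_SERIAL_NUMBER` value stored here is whatever `gnutls_x509_crt_get_serial()` returns, which as far as I know is the bare integer bytes, while PKCS#11 defines this attribute as the DER encoding of the serial (INTEGER tag and length included). If that holds, consumers that look certificates up by issuer and serial may fail to match the object, so the encoding should be confirmed against NSS and the bytes wrapped as a DER INTEGER if needed. At minimum, add `/* PKCS#11: CKA_SERIAL_NUMBER is the DER-encoded serial */` above the block. A failing `gnutls_x509_crt_get_serial()` is also dropped silently; if that is intended best-effort behaviour, a short comment saying so would help. The function body continues outside the hunk.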