2 files changed, 10 insertions, 4 deletions

diff --git a/src/common.c b/src/common.c
index d82a83430c..c3e5b474f2 100644
--- a/src/common.c
+++ b/src/common.c
@@ -1061,9 +1061,13 @@ pin_callback(void *user, int attempt, const char *token_url,
 	if (flags & GNUTLS_PIN_SO) {
 		env = "GNUTLS_SO_PIN";
 		desc = "security officer";
+		if (info)
+			password = info->so_pin;
 	} else {
 		env = "GNUTLS_PIN";
 		desc = "user";
+		if (info)
+			password = info->pin;
 	}
 
 	if (flags & GNUTLS_PIN_FINAL_TRY) {
@@ -1097,9 +1101,11 @@ pin_callback(void *user, int attempt, const char *token_url,
 		}
 	}
 
-	password = getenv(env);
-	if (password == NULL) /* compatibility */
-		password = getenv("GNUTLS_PIN");
+	if (password == NULL) {
+		password = getenv(env);
+		if (password == NULL) /* compatibility */
+			password = getenv("GNUTLS_PIN");
+	}
 
 	if (password == NULL && (info == NULL || info->batch == 0)) {
 		fprintf(stderr, "Token '%s' with URL '%s' ", token_label, token_url);
diff --git a/src/p11tool-args.def b/src/p11tool-args.def
index f6910d8842..ef2fa9ddda 100644
--- a/src/p11tool-args.def
+++ b/src/p11tool-args.def
@@ -64,7 +64,7 @@ flag = {
 flag = {
     name      = set-pin;
     arg-type  = string;
-    descrip   = "Specify the PIN to use on token initialization";
+    descrip   = "Specify the PIN to use on token operations";
     doc      = "Alternatively the GNUTLS_PIN environment variable may be used.";
 };