From 38e396f3247cb56174f6807a96ba5c8a62df7f3b Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Thu, 15 Oct 2015 16:21:43 +0200
Subject: pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate

That allows NSS to read and use the written certificate. Relates #43
---
 lib/pkcs11_write.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
(limited to 'lib/pkcs11_write.c')
diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index 7b949530c5..cd63101891 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -31,7 +31,7 @@
 static const ck_bool_t tval = 1;
 static const ck_bool_t fval = 0;
-#define MAX_ASIZE 16
+#define MAX_ASIZE 24
 static void mark_flags(unsigned flags, struct ck_attribute *a, unsigned *a_val)
 {
@@ -96,8 +96,9 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
 int ret;
 struct p11_kit_uri *info = NULL;
 ck_rv_t rv;
- size_t der_size, id_size;
+ size_t der_size, id_size, serial_size;
 uint8_t *der = NULL;
+ uint8_t serial[128];
 uint8_t id[20];
 struct ck_attribute a[MAX_ASIZE];
 ck_object_class_t class = CKO_CERTIFICATE;
@@ -193,6 +194,19 @@ gnutls_pkcs11_copy_x509_crt2(const char *token_url,
 a[a_val].value_len = crt->raw_dn.size;
 a_val++;
+ a[a_val].type = CKA_ISSUER;
+ a[a_val].value = crt->raw_issuer_dn.data;
+ a[a_val].value_len = crt->raw_issuer_dn.size;
+ a_val++;
+
+ serial_size = sizeof(serial);
+ if (gnutls_x509_crt_get_serial(crt, serial, &serial_size) >= 0) {
+ a[a_val].type = CKA_SERIAL_NUMBER;
+ a[a_val].value = (void *) serial;
+ a[a_val].value_len = serial_size;
+ a_val++;
+ }
+
 if (label) {
 a[a_val].type = CKA_LABEL;
 a[a_val].value = (void *) label;
-- 
cgit v1.2.1
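Review bot: `MAX_ASIZE` is the only thing keeping the `a[a_val] ... a_val++` writes inside `struct ck_attribute a[MAX_ASIZE]`, and nothing visible in these hunks compares `a_val` with it, so raising it from 16 to 24 adds head-room by hand rather than enforcing a bound. This commit adds two more attributes, and `mark_flags()` appears to append further ones through the same counter, so I would document the limit at the define, e.g. `/* upper bound on attributes in any template built here; revisit when adding CKA_* entries */`, and add `assert(a_val <= MAX_ASIZE);` before the template is handed to the token. The code that fills the array lies outside this hunk, so an existing check may simply not be shown.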
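Review bot: `CKA_SERIAL_NUMBER` is filled with the bytes returned by `gnutls_x509_crt_get_serial()`, which as far as I can tell are the bare contents of the serial INTEGER, whereas PKCS #11 defines this attribute as the DER encoding of the serial number (tag and length included). Consumers that locate a certificate on the token by issuer and serial may then fail to match the stored object, so the value should be wrapped as a DER INTEGER before it is assigned to `a[a_val].value`. The `>= 0` test also omits the attribute silently when the call fails, for instance when the serial does not fit the 128-byte buffer; a comment such as `/* best effort: CKA_SERIAL_NUMBER is omitted if the serial cannot be read */` would make that intent explicit. The enclosing function starts and ends outside the hunk.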