Re: PKCS#11 bugs
From: Nikos Mavrogiannopoulos
Subject: Re: PKCS#11 bugs
Date: Wed, 15 Jun 2011 21:33:57 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10
On 06/14/2011 12:35 PM, Rickard Bellgrim wrote:
> Hi
> I am testing SoftHSM together with GnuTLS, just to see if the
> certificate parts of SoftHSM work. I found some bugs in GnuTLS and I
> have attached a patch for them.
Hello,
Thank you for finding the bugs and the patch.
> 1.
> You should change the variable tval to an unsigned char.
> The attributes are of the type CK_BBOOL, which is equal to unsigned char.
> 2.
> I think you forgot to save the label for the private key, if it was
> given by the user.
I've applied fixes for those:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=shortlog;h=refs/heads/gnutls_2_12_x
> 3.
> The CKA_SUBJECT must be specified for a certificate.
Why is this? I don't see anywhere in PKCS #11 such a requirement.
> 4.
> The p11tool has an option to mark a certificate as trusted when
> importing it. The problem is that only the Security Officer can set it
> to true. I do not have a patch for it. But the program has to log in
> as a SO and change the attribute of this object. Remember that the SO
> can only see public objects. You do not set the CKA_PRIVATE and the
> default value is "token-specific". SoftHSM sets the CKA_PRIVATE to
> true and thus not visible for the SO since it then is a private
> object.
I think I've addressed it in the repository.
regards,
Nikos
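
Points 1 and 4 of the quoted report, as an added example that is not part of the original thread or of the GnuTLS or SoftHSM code: a small check over a PKCS #11 attribute template that rejects boolean attributes not passed as a one-byte CK_BBOOL and templates that leave CKA_PRIVATE unset or true for an object the SO must see. The helper lint_cert_template, the enum and the sample templates are hypothetical, the CK_* definitions are local stand-ins for a vendor pkcs11.h, and `int` is only an assumed wrong type, since the thread does not say what type tval had.

```c
#include <stddef.h>

/* Stand-in definitions so this builds without a vendor pkcs11.h;
   type shapes and attribute values follow the PKCS #11 headers. */
typedef unsigned char CK_BBOOL;
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CK_TRUE     1
#define CK_FALSE    0
#define CKA_TOKEN   0x01UL
#define CKA_PRIVATE 0x02UL
#define CKA_TRUSTED 0x86UL

enum lint { LINT_OK = 0, LINT_BAD_BOOL_LEN, LINT_PRIVATE_UNSET, LINT_PRIVATE_TRUE };

static int is_bool_attr(CK_ULONG t) {
    return t == CKA_TOKEN || t == CKA_PRIVATE || t == CKA_TRUSTED;
}

/* Hypothetical helper: checks the template of a certificate that the
   Security Officer must later be able to find, e.g. to set CKA_TRUSTED. */
enum lint lint_cert_template(const CK_ATTRIBUTE *a, size_t n) {
    int private_seen = 0;
    for (size_t i = 0; i < n; i++) {
        if (!is_bool_attr(a[i].type)) continue;
        /* A CK_BBOOL is one byte; an int's address with sizeof(int) is wrong. */
        if (a[i].pValue == NULL || a[i].ulValueLen != sizeof(CK_BBOOL))
            return LINT_BAD_BOOL_LEN;
        if (a[i].type == CKA_PRIVATE) {
            private_seen = 1;
            if (*(const CK_BBOOL *)a[i].pValue != CK_FALSE) return LINT_PRIVATE_TRUE;
        }
    }
    /* The CKA_PRIVATE default is token-specific, so omitting it is not enough. */
    return private_seen ? LINT_OK : LINT_PRIVATE_UNSET;
}

/* Constructed sample templates. */
static int as_int = 1;                        /* assumed wrong type for a boolean */
static CK_BBOOL yes = CK_TRUE, no = CK_FALSE;
static CK_ATTRIBUTE bad_len[]    = { { CKA_TOKEN, &as_int, sizeof(as_int) } };
static CK_ATTRIBUTE no_priv[]    = { { CKA_TOKEN, &yes, sizeof(yes) } };
static CK_ATTRIBUTE priv_true[]  = { { CKA_PRIVATE, &yes, sizeof(yes) } };
static CK_ATTRIBUTE so_visible[] = { { CKA_TOKEN, &yes, sizeof(yes) },
                                     { CKA_PRIVATE, &no, sizeof(no) } };
int main(void) {
    return lint_cert_template(so_visible, 2) == LINT_OK &&
           lint_cert_template(bad_len, 1) == LINT_BAD_BOOL_LEN ? 0 : 1;
}
```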