Neil wrote:
Neil wrote:
I also notice that checkPassword(""); logs out if there was a
password. Can this behaviour be relied on, or should I call
logoutSimple() too?
To answer my own question, nsPK11Token::CheckPassword calls
PK11_CheckUserPassword which is documented as logging out if the
password is incorrect. I think this works because
PK11_CheckUserPassword calls C_Login immediately without calling
IsLoggedIn first.
Anyway, I've checked in a patch to switch to using checkPassword("") but
that was almost certainly too late for SeaMonkey 2.0
The original log out bug seems to date back to the earliest that I can
find an implementation for it, which is some time in 2002.
--
Warning: May contain traces of nuts.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
