Hello,

I use pam_pkcs11 0.6.8 with libcurl but without nss. My tokens work fine but 
they can contain 4 or 5 certificates (with corresponding RSA keys).

My certificates are not all from the same PKI, so they are not certified by the 
same CAs.

The problem I encounter with pam_pkcs11 is that if the first certificate it 
tries to verify is not certified by CAs I installed on my workstation, I get an 
error 2328 because verify_certificate() returns -4 and pam_pkcs11 stops (line 
584 of src/pam_pkcs11/pam_pkcs11.c: goto auth_failed_nopw;), not trying to 
verify the other certificates in my token. I do not really want to install all CAs 
(including CRLs, ...) of the certificates of my token on every workstation.

I tried to add a "continue;" in pam_pkcs11.c in the switch test for the error 
2328: if verify_certificate() returns -4, pam_pkcs11 prints the error message 
"error 2328: ..." and with the continue command, pam_pkcs11 continues to 
process the next certificates and everything works great.

Maybe I missed something that explains why pam_pkcs11 stops processing 
certificates if the verification of a certificate returns -4.

Thanks for any help you could give me.

Regards.


Frédéric Combeau.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
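
A model of the certificate loop discussed in this message, added here as an example and not taken from pam_pkcs11 or from the post: it contrasts stopping at the first failed verification with skipping certificates whose issuer is not installed, while still only ever authenticating with a certificate that verified. Every name, the sample token and all result codes except the quoted -4 are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of the loop discussed in the post; not pam_pkcs11 source.
 * All names and result codes other than -4 are hypothetical. */
enum { V_OK = 1, V_REVOKED = -2, V_UNTRUSTED_ISSUER = -4 };

struct cert { const char *subject, *issuer; int revoked; };

/* CAs installed on this workstation (constructed sample). */
static const char *trusted_cas[] = { "Example Corp CA" };

static int verify_cert(const struct cert *c)
{
    for (size_t i = 0; i < sizeof trusted_cas / sizeof *trusted_cas; i++)
        if (strcmp(c->issuer, trusted_cas[i]) == 0)
            return c->revoked ? V_REVOKED : V_OK;
    return V_UNTRUSTED_ISSUER;
}

/* Returns the index of the certificate to authenticate with, or -1.
 * skip_untrusted = 0: stop at the first failure (behaviour described above).
 * skip_untrusted = 1: pass over unknown issuers, fail on any other error. */
static int select_cert(const struct cert *certs, int n, int skip_untrusted)
{
    for (int i = 0; i < n; i++) {
        int rv = verify_cert(&certs[i]);
        if (rv == V_OK)
            return i;       /* only a verified certificate is ever used */
        if (rv == V_UNTRUSTED_ISSUER && skip_untrusted)
            continue;       /* cannot judge this one; try the next */
        return -1;          /* fail closed */
    }
    return -1;              /* nothing on the token verified */
}

/* Constructed token contents: two certificates from different PKIs. */
static const struct cert token[] = {
    { "CN=user (other PKI)", "Other PKI CA",    0 },
    { "CN=user (corp)",      "Example Corp CA", 0 },
};

int main(void)
{
    printf("strict: %d\n", select_cert(token, 2, 0));
    printf("skip:   %d\n", select_cert(token, 2, 1));
    return 0;
}
```

In this model a revoked certificate from an installed CA still ends the attempt, so skipping unknown issuers does not widen what the workstation accepts.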
