2012/12/10  <frederic.comb...@cea.fr>:
> Hello,

Hello,

> I use pam_pkcs11 0.6.8 with libcurl but without nss. My tokens work fine but 
> they can contain 4 or 5 certificates (with corresponding rsa keys).
>
> My certificates are not all from the same PKI, so they are not certified by 
> the same ACs.
>
> The problem I encounter with pam_pkcs11 is that if the first certificate it 
> tries to verify is not certified by ACs I installed on my workstation, I got 
> an error 2328 because verify_certificate() returns -4 and pam_pkcs11 stops 
> (line 584 of src/pam_pkcs11/pam_pkcs11.c : goto auth_failed_nopw;), not 
> trying to verify other certificates in my token. I do not really want to 
> install all ACs (including CRLs, ...) of my certificates of my token on every 
> workstation.
>
> I tried to add a "continue;" in pam_pkcs11.c in the switch test for the error 
> 2328 : if verify_certificate() returns -4, pam_pkcs11 prints the error 
> message "error 2328: ..." and with the continue command, pam_pkcs11 continues 
> to process the next certificates and everything works great.
>
> Maybe I missed something that explains why pam_pkcs11 stops processing 
> certificates if the verification of a certificate returns -4.

I guess it is just a bug or a missing feature.

Can you send me a patch (or, better, a github pull request) so I can
fix the problem?
The project is at https://github.com/OpenSC/pam_pkcs11

Thanks

-- 
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
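
The two behaviours discussed in this thread, as an added example that is not part of the original messages and is not pam_pkcs11 code: a certificate loop that aborts on the first verification failure versus one that skips the failing certificate and still fails closed when nothing verifies. The struct, `model_verify()`, `select_cert()` and the sample token are hypothetical; only the value -4 comes from the post, and its meaning (issuer not locally trusted) is assumed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a certificate reduced to its subject and issuer names. */
struct cert { const char *subject; const char *issuer; };

#define VFY_OK          1
#define VFY_UNTRUSTED (-4)  /* value reported in the post; meaning assumed */

/* Hypothetical stand-in for verify_certificate(): a certificate verifies
 * only if its issuer is in the locally installed CA list. */
static int model_verify(const struct cert *c, const char *const *cas, size_t n_cas)
{
    for (size_t i = 0; i < n_cas; i++)
        if (strcmp(c->issuer, cas[i]) == 0)
            return VFY_OK;
    return VFY_UNTRUSTED;
}

/* Returns the index of the first certificate that verifies, or -1.
 * stop_on_failure = 1: abort at the first failure (behaviour reported).
 * stop_on_failure = 0: skip the failing certificate (the "continue" change). */
int select_cert(const struct cert *certs, size_t n,
                const char *const *cas, size_t n_cas, int stop_on_failure)
{
    for (size_t i = 0; i < n; i++) {
        int rv = model_verify(&certs[i], cas, n_cas);
        if (rv == VFY_OK)
            return (int)i;
        fprintf(stderr, "cert %zu (%s): verify returned %d\n",
                i, certs[i].subject, rv);
        if (stop_on_failure)
            return -1;
        /* Skipped: a certificate that failed verification is never returned. */
    }
    return -1; /* Fail closed: no certificate verified. */
}

/* Constructed sample token: certificates from different PKIs. */
static const struct cert TOKEN[] = {
    { "CN=user (PKI A)", "CN=Example CA A" },
    { "CN=user (PKI B)", "CN=Example CA B" },
    { "CN=user (PKI C)", "CN=Example CA C" },
};
static const char *const LOCAL_CAS[] = { "CN=Example CA B" };

int main(void)
{
    printf("stop on failure: %d\n", select_cert(TOKEN, 3, LOCAL_CAS, 1, 1));
    printf("skip and go on:  %d\n", select_cert(TOKEN, 3, LOCAL_CAS, 1, 0));
    return 0;
}
```

With skipping enabled, authentication still depends on a certificate that verified against a locally installed CA; an empty trust list yields -1 in both modes.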
