Hello,

Here is my patch (actually, 2 patches, depending on whether the patch concerns only the error 2328 (patch 1) or the whole block processing the return value of verify_certificate() (patch 2)).

Thanks for your fast answer. Hope my patches could help,

Regards,
Frédéric Combeau.

-----Original Message-----
From: Ludovic Rousseau [mailto:ludovic.rouss...@gmail.com]
Sent: Monday, 10 December 2012 13:49
To: COMBEAU Frederic 150138
Cc: opensc-devel@lists.opensc-project.org
Subject: Re: [opensc-devel] pam_pkcs11 with many certificates on a single token

2012/12/10 <frederic.comb...@cea.fr>:
> Hello,

Hello,

> I use pam_pkcs11 0.6.8 with libcurl but without nss. My tokens work fine but
> they can contain 4 or 5 certificates (with corresponding rsa keys).
>
> My certificates are not all from the same PKI, so they are not certified by
> the same CAs.
>
> The problem I encounter with pam_pkcs11 is that if the first certificate it
> tries to verify is not certified by CAs I installed on my workstation, I got
> an error 2328 because verify_certificate() returns -4 and pam_pkcs11 stops
> (line 584 of src/pam_pkcs11/pam_pkcs11.c: goto auth_failed_nopw;), not
> trying to verify other certificates in my token. I do not really want to
> install all CAs (including CRLs, ...) of my certificates of my token on every
> workstation.
>
> I tried to add a "continue;" in pam_pkcs11.c in the switch test for the error
> 2328: if verify_certificate() returns -4, pam_pkcs11 prints the error
> message "error 2328: ..." and with the continue command, pam_pkcs11 continues
> to process the next certificates and everything works great.
>
> Maybe I missed something that explains why pam_pkcs11 stops processing
> certificates if the verification of a certificate returns -4.

I guess it is just a bug or a missing feature.

Can you send me a patch (or, better, a github pull request) so I can fix the problem?
The project is at https://github.com/OpenSC/pam_pkcs11

Thanks

--
Dr. Ludovic Rousseau

patch_pam_pkcs11-0.6.8_error2328-1.patch
patch_pam_pkcs11-0.6.8_error2328-2.patch
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
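
The behaviour discussed in this thread, as an added example that is not code from pam_pkcs11 or from the attached patches: a per-certificate loop that skips a certificate whose issuer is not trusted locally, still aborts on any other verification failure (the narrower "error 2328 only" variant), and denies when nothing verifies. Only the return value -4 comes from the thread; `select_certificate`, the `policy` enum, the `VERIFY_*` names, the value 0 for success and the sample result arrays are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* -4 is the value the thread reports from verify_certificate() for a
 * certificate whose issuing CA is not installed; 0 = verified is assumed. */
#define VERIFY_OK            0
#define VERIFY_UNTRUSTED_CA (-4)

enum policy { STOP_ON_FIRST_FAILURE, SKIP_UNTRUSTED };

/* Hypothetical stand-in for the per-certificate loop. rc[i] is the
 * constructed verification result for certificate i on the token.
 * Returns the index of the certificate to authenticate with, or -1. */
int select_certificate(const int *rc, size_t n, enum policy p)
{
    for (size_t i = 0; i < n; i++) {
        if (rc[i] == VERIFY_OK)
            return (int)i;      /* first certificate that chains to a local CA */
        if (p == SKIP_UNTRUSTED && rc[i] == VERIFY_UNTRUSTED_CA) {
            /* Log and move on: this certificate is never used to log in. */
            fprintf(stderr, "cert %zu: issuer not trusted, trying next\n", i);
            continue;
        }
        return -1;              /* strict policy, or any other failure: deny */
    }
    return -1;                  /* no certificate verified: fail closed */
}

int main(void)
{
    /* Constructed token: two certificates from other PKIs, then a trusted one. */
    const int token[] = { VERIFY_UNTRUSTED_CA, VERIFY_UNTRUSTED_CA, VERIFY_OK };
    printf("stop on first failure: %d\n",
           select_certificate(token, 3, STOP_ON_FIRST_FAILURE));
    printf("skip untrusted:        %d\n",
           select_certificate(token, 3, SKIP_UNTRUSTED));
    return 0;
}
```

Skipping changes which certificate is tried next, not what is accepted: a token holding only certificates from untrusted CAs still yields -1.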