From 1fb675acbdb9d3c6cdf5fab86fc5c684a267af5f Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 11 Jul 2012 17:58:32 +0100 Subject: [PATCH] Use P11_KIT_URI_FOR_ANY to preserve all attributes in PKCS#11 URIs Otherwise we were losing the attributes which specified a token... which is a pain when the token doesn't list private keys until you're logged in. In that case you do *have* to specify the token otherwise the object will never be found. Signed-off-by: David Woodhouse --- gnutls.c | 8 ++++---- www/changelog.xml | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/gnutls.c b/gnutls.c index 1d21dcd..37e2ff4 100644 --- a/gnutls.c +++ b/gnutls.c @@ -923,25 +923,25 @@ static int load_certificate(struct openconnect_info *vpninfo) /* Add appropriate pin-source and object-type attributes to both certificate and key URLs, unless they already exist. */ if (cert_is_p11 && - !p11_kit_uri_parse(cert_url, P11_KIT_URI_FOR_OBJECT, uri)) { + !p11_kit_uri_parse(cert_url, P11_KIT_URI_FOR_ANY, uri)) { if (!p11_kit_uri_get_pin_source(uri)) p11_kit_uri_set_pin_source(uri, pin_source); if (!p11_kit_uri_get_attribute(uri, CKA_CLASS)) { class = CKO_CERTIFICATE; p11_kit_uri_set_attribute(uri, &attr); } - p11_kit_uri_format(uri, P11_KIT_URI_FOR_OBJECT, &cert_url); + p11_kit_uri_format(uri, P11_KIT_URI_FOR_ANY, &cert_url); } if (key_is_p11 && - !p11_kit_uri_parse(key_url, P11_KIT_URI_FOR_OBJECT, uri)) { + !p11_kit_uri_parse(key_url, P11_KIT_URI_FOR_ANY, uri)) { if (!p11_kit_uri_get_pin_source(uri)) p11_kit_uri_set_pin_source(uri, pin_source); if (!p11_kit_uri_get_attribute(uri, CKA_CLASS)) { class = CKO_PRIVATE_KEY; p11_kit_uri_set_attribute(uri, &attr); } - p11_kit_uri_format(uri, P11_KIT_URI_FOR_OBJECT, &key_url); + p11_kit_uri_format(uri, P11_KIT_URI_FOR_ANY, &key_url); } p11_kit_uri_free(uri); diff --git a/www/changelog.xml b/www/changelog.xml index 78febca..e73e78d 100644 --- a/www/changelog.xml +++ b/www/changelog.xml @@ -17,6 +17,7 @@