[27857] in CVS-changelog-for-Kerberos-V5
krb5 commit: Use PKCS11_MODNAME for NSS PKINIT by default
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jul 18 00:59:08 2013
Date: Thu, 18 Jul 2013 00:58:55 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201307180458.r6I4wta6018611@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/fc975f6608015c61afc7fcba728344663b015996
commit fc975f6608015c61afc7fcba728344663b015996
Author: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Fri Jun 28 17:12:39 2013 -0400
Use PKCS11_MODNAME for NSS PKINIT by default
Do what the OpenSSL-using code paths do, and load PKCS11_MODNAME if no
module is specified when we're told to use a PKCS11 identity.
src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 3c6a87d..1b2172c 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -2109,6 +2109,13 @@ crypto_load_pkcs11(krb5_context context,
if (idopts == NULL)
return SECFailure;
+ /* If no module is specified, use the default module from pkinit.h. */
+ if (idopts->p11_module_name == NULL) {
+ idopts->p11_module_name = strdup(PKCS11_MODNAME);
+ if (idopts->p11_module_name == NULL)
+ return SECFailure;
+ }
+
/* Build the module spec. */
spec_size = strlen("library=''") + strlen(idopts->p11_module_name) * 2 + 1;
spec = PORT_ArenaZAlloc(id_cryptoctx->pool, spec_size);
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5