pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH

1 files changed, 8 insertions, 1 deletions

diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index b0b6e95f72..d1a19cf35c 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -79,7 +79,7 @@ static void mark_flags(unsigned flags, struct ck_attribute *a, unsigned *a_val)
  * This function will copy a certificate into a PKCS #11 token specified by
  * a URL. Valid flags to mark the certificate: %GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED,
  * %GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE, %GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE,
- * %GNUTLS_PKCS11_OBJ_FLAG_MARK_CA.
+ * %GNUTLS_PKCS11_OBJ_FLAG_MARK_CA, %GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
@@ -431,6 +431,13 @@ gnutls_pkcs11_copy_x509_privkey(const char *token_url,
 		a_val++;
 	}
 
+	if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH) {
+		a[a_val].type = CKA_ALWAYS_AUTHENTICATE;
+		a[a_val].value = (void *) &tval;
+		a[a_val].value_len = sizeof(tval);
+		a_val++;
+	}
+
 	if (label) {
 		a[a_val].type = CKA_LABEL;
 		a[a_val].value = (void *) label;