author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2017-05-10 17:23:54 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-05-10 22:22:01 +0200 |
commit | 9a8fb40da7eabdca8044d779dd1871eea14a31ae (patch) | |
tree | d19b716c5c8e2652bdee9d5995430672d01ef92d /lib | |
parent | 6d084b8cbadb9f748a323847b428ac688e069aa2 (diff) | |
download | gnutls-9a8fb40da7eabdca8044d779dd1871eea14a31ae.tar.gz |
pkcs11_override_cert_exts: do not use CKA_X_DISTRUSTED flag when retrieving
This flag was introduced in order to reduce the number of duplicate
stapled extensions returned by p11-kit. Unfortunately that fix was bogus
and in fact it resulted in p11-kit not returning any stapled extensions.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pkcs11x.c | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/lib/pkcs11x.c b/lib/pkcs11x.c
index 186b3f642d..fc428e17a4 100644
--- a/lib/pkcs11x.c
+++ b/lib/pkcs11x.c
@@ -68,7 +68,7 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t
 {
 int ret;
 gnutls_datum_t new_der = {NULL, 0};
- struct ck_attribute a[3];
+ struct ck_attribute a[2];
 struct ck_attribute b[1];
 unsigned long count;
 unsigned ext_data_size = der->size;
@@ -78,7 +78,6 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t
 unsigned finalize = 0;
 ck_rv_t rv;
 ck_object_handle_t obj;
- ck_bool_t tfalse = 0;
 if (sinfo->trusted == 0) {
 _gnutls_debug_log("p11: cannot override extensions on a non-p11-kit trust module\n");
@@ -95,11 +94,7 @@ int pkcs11_override_cert_exts(struct pkcs11_session_info *sinfo, gnutls_datum_t
 a[1].value = spki->data;
 a[1].value_len = spki->size;
- a[2].type = CKA_X_DISTRUSTED;
- a[2].value = &tfalse;
- a[2].value_len = sizeof(tfalse);
-
- rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a, 3);
+ rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a, 2);
 if (rv != CKR_OK) {
 gnutls_assert();
 _gnutls_debug_log |
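Review bot: The template size is now spelled twice, as `struct ck_attribute a[2];` in the first hunk and as the literal `2` passed to `pkcs11_find_objects_init()` in the third hunk, and this commit had to edit both by hand. If the two ever disagree the call would presumably hand the module a count larger than the array, so deriving the count from the array is safer: `rv = pkcs11_find_objects_init(sinfo->module, sinfo->pks, a, sizeof(a) / sizeof(a[0]));`. A short comment above that call recording why `CKA_X_DISTRUSTED` is deliberately left out of the template (with it p11-kit returned no stapled extensions, per the commit message) would keep the filter from being reintroduced later. The body of pkcs11_override_cert_exts starts before and continues after these hunks, and the third hunk is cut off in this view.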