[pkg-opensc-commit] [libp11] 06/12: First try reading certificates without login

[Eric Dorland]

This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit c6f74273b751b745eb25466e5c4c184e8bc5533f
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date:   Fri Jan 13 23:56:06 2017 +0100

    First try reading certificates without login
---
 src/eng_back.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/eng_back.c b/src/eng_back.c
index b2546fc..65b87dc 100644
--- a/src/eng_back.c
+++ b/src/eng_back.c
@@ -345,7 +345,8 @@ int ctx_finish(ENGINE_CTX *ctx)
 /* prototype for OpenSSL ENGINE_load_cert */
 /* used by load_cert_ctrl via ENGINE_ctrl for now */
 
-static X509 *ctx_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id)
+static X509 *ctx_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id,
+		const int login)
 {
 	PKCS11_SLOT *slot;
 	PKCS11_SLOT *found_slot = NULL;
@@ -496,7 +497,7 @@ static X509 *ctx_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id)
 
 	/* In several tokens certificates are marked as private.
 	 * We require a cached pin, as no UI method is available. */
-	if (ctx->pin && !ctx_login(ctx, slot, tok, NULL, NULL)) {
+	if (login && ctx->pin && !ctx_login(ctx, slot, tok, NULL, NULL)) {
 		fprintf(stderr, "Login to token failed, returning NULL...\n");
 		return NULL;
 	}
@@ -546,10 +547,12 @@ static int ctx_ctrl_load_cert(ENGINE_CTX *ctx, void *p)
 	if (parms->cert != NULL)
 		return 0;
 
-	parms->cert = ctx_load_cert(ctx, parms->s_slot_cert_id);
+	parms->cert = ctx_load_cert(ctx, parms->s_slot_cert_id, 0);
+	if (parms->cert == NULL) /* Try again with login */
+		parms->cert = ctx_load_cert(ctx, parms->s_slot_cert_id, 1);
+
 	if (parms->cert == NULL)
 		return 0;
-
 	return 1;
 }
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git