[strongSwan-dev] [PATCH] pkcs11: keyid alias

Raphael Geissert geissert at debian.org
Tue Aug 6 09:51:59 CEST 2013


Hi,

As briefly explained in IRC, the attached patches work around an issue
with charon-nm when the CKA_ID does not match the subject key
identifier. It is not pretty, I must admit, but it should work for
what I consider are "standard" users of the nm plugin: users with only
one token.

The first patch is just a bit of code refactoring. In the second patch
I'm using a 255 bytes buffer for the CKA_ID but now I think it is too
big. In any case, it is resized later on, so it shouldn't be a real
issue other than ("why 255?").

Please consider applying them.

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-pkcs11-refactor-the-login-and-reauth-methods.patch
Type: application/octet-stream
Size: 3863 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130806/9a5dd73e/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-pkcs11-allow-a-secondary-keyid-an-alias-to-be-used.patch
Type: application/octet-stream
Size: 8475 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130806/9a5dd73e/attachment-0001.obj>


More information about the Dev mailing list