Re: issues with pre-login to pkcs11 slots when using NSS
Date: Fri, 10 Jul 2009 16:12:25 +0200
On Jun 29, 2009, at 10:50 PM, Daniel Stenberg wrote:
> On Fri, 12 Jun 2009, Claes Jakobsson wrote:
>> There are several advantages to this approach - a) failures are
>> limited to our cert, b) the curl nss code will be a bit simplier
>> and c) startup time will be slightly faster.
>> I'll try write a patch during the weekend.
> Any further news on this issue?
The attached patch (against CVS) disables pre-login to the tokens as
this can cause problems with PKCS#11 modules that are evil to us and
instead delegates login to PK11_FindCertByNickname by passing the
password along the socket.
I haven't tested if this still works with PEM file certs as I don't
have that on my install so I'd appreciate if Kamil could try this.
Enjoy your vacation and don't do too much coding ;)
- application/octet-stream attachment: nss-dont-preauth-tokens.patch