cURL / Mailing Lists / curl-library / Single Mail


Re: Fwd: Re: issues with pre-login to pkcs11 slots when using NSS

From: Rob Crittenden <>
Date: Wed, 15 Jul 2009 13:31:00 -0400

Kamil Dudka wrote:
> Rob, any objections?
> Kamil
> ---------- Forwarded Message ----------
> Subject: Re: issues with pre-login to pkcs11 slots when using NSS
> Date: Wednesday 15 of July 2009
> From: Claes Jakobsson <>
> To: Kamil Dudka <>
> On Jul 14, 2009, at 3:20 PM, Kamil Dudka wrote:
>> These warnings were introduced by me. It is fixed in the attached
>> patch.
> No warnings now with your latest revision of the patch so I think it's
> good for integration now if that's ok with Daniel and Rob.
> /Claes
> -------------------------------------------------------

It generally looks ok, I just saw a couple of things:

- line 818 prints an error that nickname wasn't specified but includes
nickname in the argument list.
- you should probably verify earlier that pRetKey is returned by
NSS_GetClientAuthData(). Why display the cert info if there isn't a key?
- I'm not sure why you are getting the certificate nickname you are in
this block:

   nickname = (*pRetCert)->nickname;
   if (NULL == nickname)
     nickname = "[unknown]";

Why not just use the nickname that the user provided (or show both)?

Otherwise it looks ok, sorry it took me so long to review.


Received on 2009-07-15