curl-library

Re: Fwd: Re: issues with pre-login to pkcs11 slots when using NSS

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Tue, 21 Jul 2009 00:14:45 +0200

On Monday 20 of July 2009 15:37:22 Rob Crittenden wrote:
> Sure, a couple more nits, nothing to prevent pushing the patch.

Applied.

> - display_cert_info() takes as an argument the session data but it isn't
> used. Is this for future-proofing?

The argument is passed to the Curl_infof() function through the infof() macro.
The SessionHandle structure is used internally by libcurl to determine if the
verbose mode is turned on, etc.

> - I want to point out that pem_nickname isn't guaranteed to be "PEM
> Token #1". It will be 99.99% of the time in a dynamic environment. I
> seem to recall that the slot is incremented as more keys are added. IIRC
> it is one key per-slot, so what happens if someone tries to load 2 key
> files?

I haven't tried to load more than one key through the PEM reader yet. If
you're right, it doesn't work without the patch either. I'll conduct some
testing of this behavior.

Looking at the PEM reader code, we have only 8 slots. Slot #0 is used
for CA certs. Does it mean we can load at most 7 PEM keys during the module's
lifetime?

Kamil
Received on 2009-07-21