From: Dirk-Willem v. G. <di...@we...> - 2015-04-03 13:50:40
> On 03 Apr 2015, at 15:06, Ludovic Rousseau <lud...@gm...> wrote:
>
>> As it is not uncommon to do roll-over smartcards; which already have the
>> ‘new’ cert or still have the expired cert.
>
> I changed the "break;" in "continue;" in
> https://github.com/OpenSC/pam_pkcs11/commit/4ef003ac43405f6391bf965a043f9fe4c4704f1d

I think that is not quite enough - as those breaks were just breaking out of the switch; not out of the encapsulating loop.

Secondly - when NSS is in use - there is the issue that one cannot distinguish between normal invalid cert errors and nefarious/buggy errors within NSS/OpenSSL.

So I guess at first order we need something like:

https://github.com/dirkx/pam_pkcs11/commit/f6a0b89d691b560ea546cab1bd74bc68c2dc1df5

and at second order - we could consider pulling line 670 onwards into the loop as well. To really try them one by one.

Dw.
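
An added illustration of the loop behaviour discussed in this message (not code from pam_pkcs11 or from either poster): trying the certificates on a roll-over card one by one, skipping ordinary rejections and failing closed on a verifier fault. The enum, struct, return codes and the `verify_cert` stand-in are hypothetical, and the example assumes the verifier can report an internal failure separately from an invalid certificate.

```c
#include <stddef.h>

/* Hypothetical outcomes; not the return codes pam_pkcs11, NSS or OpenSSL use. */
enum verify_result { CERT_OK, CERT_EXPIRED, CERT_UNTRUSTED, VERIFY_INTERNAL_ERROR };

struct card_cert {
    const char *label;          /* constructed sample data */
    enum verify_result outcome; /* what the stand-in verifier reports */
};

#define NO_VALID_CERT  (-1)
#define VERIFY_FAILURE (-2)

/* Stand-in for the real verifier (assumption for this example). */
static enum verify_result verify_cert(const struct card_cert *c)
{
    return c->outcome;
}

/* Returns the index of the first certificate that verifies,
 * NO_VALID_CERT if every one is rejected, VERIFY_FAILURE on a fault. */
int pick_cert(const struct card_cert *certs, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        switch (verify_cert(&certs[i])) {
        case CERT_OK:
            return (int)i;
        case CERT_EXPIRED:
        case CERT_UNTRUSTED:
            /* Ordinary rejection: go on to the next certificate. In C a
             * "break" here would leave only the switch, while "continue"
             * applies to the enclosing for loop. */
            continue;
        case VERIFY_INTERNAL_ERROR:
        default:
            /* Not a verdict about this certificate: fail closed. */
            return VERIFY_FAILURE;
        }
    }
    return NO_VALID_CERT;
}
```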