From: jianming <jia...@12...> - 2015-04-09 22:52:59

Hi, Dirk

Thank you for your patch. It looks good to me. And I will verify it on my local machine. Once done, I will give you feedback.

https://github.com/dirkx/pam_pkcs11/commit/f6a0b89d691b560ea546cab1bd74bc68c2dc1df5

thanks

On Apr 8, 2015, at 12:19 AM, Dirk-Willem van Gulik <di...@we...> wrote:

>
>> On 07 Apr 2015, at 18:05, Ludovic Rousseau <lud...@gm...> wrote:
>>
>> 2015-04-03 15:50 GMT+02:00 Dirk-Willem van Gulik <di...@we...>:
>>>
>>> On 03 Apr 2015, at 15:06, Ludovic Rousseau <lud...@gm...>
>>> wrote:
>>>
>>> As it is not uncommon to do roll-over smartcards; which already have the
>>> ‘new’ cert or still have the expired cert.
>>>
>>>
>>> I changed the "break;" to "continue;" in
>>> https://github.com/OpenSC/pam_pkcs11/commit/4ef003ac43405f6391bf965a043f9fe4c4704f1d
>>>
>>>
>>> I think that is not quite enough - as those breaks were just breaking out
>>> of the switch; not out of the encapsulating loop.
>>
>> Exact. I reverted the patch.
>>
>>> Secondly - when NSS is in use - there is the issue that one cannot
>>> distinguish between normal invalid cert errors and nefarious/buggy errors
>>> within NSS/OpenSSL.
>>>
>>> So I guess at first order we need something like:
>>>
>>> https://github.com/dirkx/pam_pkcs11/commit/f6a0b89d691b560ea546cab1bd74bc68c2dc1df5
>>>
>>> and at second order - we could consider pulling line 670 onwards into the
>>> loop as well. To really try them one by one.
>>
>> Please create a Pull Request if you consider your code finished.
>
> Will do. For now though - not ready/finished.
>
> However, 建明, it may be of use to you — as it solves the dominant case; of having multiple keys on one card; only *one* (or the last one) of which should be tried (count toward any PIN entry, etc).
>
>> I can also create a team of maintainers for pam_pkcs11 and add
>> volunteers to the team. Do you volunteer?
>
> Let me check some i’s and cross some legal t’s first. Will let you know,
>
> Dw.
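
The control-flow point raised in this thread (a `break` inside a `switch` leaves only the switch, not the loop over the card's certificates), shown as an added C example that is not part of the original messages or of pam_pkcs11's code. All names and return codes (`select_cert`, `verify_cert`, `struct card_cert`, the enum values, `-1`/`-2`) are hypothetical, and aborting on a library error rather than trying the next certificate is an assumption of this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical verification outcomes; not pam_pkcs11's real return codes. */
enum verify_result { CERT_VALID, CERT_EXPIRED, CERT_NOT_YET_VALID, CERT_LIB_ERROR };

struct card_cert {                /* constructed stand-in for a certificate on the card */
    const char *label;
    long not_before, not_after;   /* validity window, seconds since epoch */
    int corrupt;                  /* simulates a failure inside the crypto library */
};

static enum verify_result verify_cert(const struct card_cert *c, long now)
{
    if (c->corrupt) return CERT_LIB_ERROR;
    if (now < c->not_before) return CERT_NOT_YET_VALID;
    if (now > c->not_after) return CERT_EXPIRED;
    return CERT_VALID;
}

/* Returns the index of the first usable certificate, -1 if none is usable,
 * -2 if verification itself failed (fail closed, no further certs tried). */
int select_cert(const struct card_cert *certs, size_t n, long now)
{
    for (size_t i = 0; i < n; i++) {
        int usable = 0;
        switch (verify_cert(&certs[i], now)) {
        case CERT_VALID:
            usable = 1;
            break;          /* leaves the switch only; the for loop is still running */
        case CERT_EXPIRED:
        case CERT_NOT_YET_VALID:
            break;          /* ordinary invalid cert: leave the switch, try the next one */
        case CERT_LIB_ERROR:
            return -2;      /* only return (or goto) exits the loop from inside a switch */
        }
        if (usable)
            return (int)i;  /* chosen before any PIN prompt would happen */
    }
    return -1;
}

int main(void)
{
    /* Constructed roll-over card: expired certificate first, new one second. */
    struct card_cert card[] = { { "old", 1000, 2000, 0 }, { "new", 1900, 4000, 0 } };
    int idx = select_cert(card, 2, 3000);
    printf("selected: %s\n", idx >= 0 ? card[idx].label : "none");
    return idx == 1 ? 0 : 1;
}
```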