Hi, As briefly explained in IRC, the attached patches work around an issue with charon-nm when the CKA_ID does not match the subject key identifier. It is not pretty, I must admit, but it should work for what I consider are "standard" users of the nm plugin: users with only one token.
The first patch is just a bit of code refactoring. In the second patch
I'm using a 255 bytes buffer for the CKA_ID but now I think it is too
big. In any case, it is resized later on, so it shouldn't be a real
issue other than ("why 255?").
Please consider applying them.
Regards,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
0001-pkcs11-refactor-the-login-and-reauth-methods.patch
Description: Binary data
0002-pkcs11-allow-a-secondary-keyid-an-alias-to-be-used.patch
Description: Binary data
_______________________________________________ Dev mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/dev
