On Mon, 5 Oct 2009 11:28:12 +0300
Martin Paljak <[email protected]> wrote:
>
> On 05.10.2009, at 11:01, Pierre Ossman wrote:
> > New attempt, this time against r3756 (r18006 was our internal repo, for
> > those curious :)), as an attachment and without a signature on the
> > mail. Hopefully everyone can read it this time.
> Applies and works for me.
>
Glad to hear it. Does that also mean it will get merged in trunk?
>
> > Oh yeah, I also forgot to mention that this patch also adds some more
> > debug output. I found it helpful to see how the library chooses to
> > associate objects, even though it currently only prints the index
> > number.
> Maybe you can improve it so that it would log object/auth IDs? This
> would facilitate better debugging by looking at pkcs15-tool -D and
> then pkcs#11 debug log?
>
Sure. Included patch gives this debug output:

[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 0
[opensc-pkcs11] framework-pkcs15.c:467:__pkcs15_prkey_bind_related: Object is a private key and has id 45
[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 1
[opensc-pkcs11] framework-pkcs15.c:467:__pkcs15_prkey_bind_related: Object is a private key and has id 46
[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 2
[opensc-pkcs11] framework-pkcs15.c:509:__pkcs15_cert_bind_related: Object is a certificate and has id 45
[opensc-pkcs11] framework-pkcs15.c:538:__pkcs15_cert_bind_related: Associating object 0 as private key
[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 3
[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 4
[opensc-pkcs11] framework-pkcs15.c:509:__pkcs15_cert_bind_related: Object is a certificate and has id 46
[opensc-pkcs11] framework-pkcs15.c:538:__pkcs15_cert_bind_related: Associating object 1 as private key
[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 5
[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 6
[opensc-pkcs11] framework-pkcs15.c:509:__pkcs15_cert_bind_related: Object is a certificate and has id 45
[opensc-pkcs11] framework-pkcs15.c:538:__pkcs15_cert_bind_related: Associating object 0 as private key
[opensc-pkcs11] framework-pkcs15.c:528:__pkcs15_cert_bind_related: Associating object 10 (id 47) as issuer
[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 7
[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 8
[opensc-pkcs11] framework-pkcs15.c:509:__pkcs15_cert_bind_related: Object is a certificate and has id 46
[opensc-pkcs11] framework-pkcs15.c:538:__pkcs15_cert_bind_related: Associating object 1 as private key
[opensc-pkcs11] framework-pkcs15.c:528:__pkcs15_cert_bind_related: Associating object 10 (id 47) as issuer
[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 9
[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 10
[opensc-pkcs11] framework-pkcs15.c:509:__pkcs15_cert_bind_related: Object is a certificate and has id 47
[opensc-pkcs11] framework-pkcs15.c:559:pkcs15_bind_related_objects: Looking for objects related to object 11

Note that several certificates share id, which means that id isn't
enough to distinguish them (which also means that the opensc tools are
unable to properly use this card since they use ids heavily :/).

Rgds
--
Pierre Ossman OpenSource-based Thin Client Technology
System Developer Telephone: +46-13-21 46 00
Cendio AB Web: http://www.cendio.com
Index: src/pkcs11/framework-pkcs15.c
===================================================================
--- src/pkcs11/framework-pkcs15.c (revision 18042)
+++ src/pkcs11/framework-pkcs15.c (working copy)
@@ -463,6 +463,9 @@
sc_pkcs15_id_t *id = &pk->prv_info->id;
unsigned int i;
+ sc_debug(context, "Object is a private key and has id %s",
+ sc_pkcs15_print_id(id));
+
for (i = 0; i < fw_data->num_objects; i++) {
struct pkcs15_any_object *obj = fw_data->objects[i];
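Review bot: the new sc_debug call placed before the loop logs only the key's id, while the request earlier in this thread was for object/auth IDs so the log can be matched against pkcs15-tool -D; consider also printing the private key's auth ID in this message if it is reachable from pk. The message also carries no object index, so it can only be tied to an object through the preceding "Looking for objects related to object N" line, which is worth keeping in mind if those two calls are ever separated.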
@@ -502,21 +505,27 @@
sc_pkcs15_id_t *id = &cert->cert_info->id;
unsigned int i;
+ sc_debug(context, "Object is a certificate and has id %s",
+ sc_pkcs15_print_id(id));
+
/* Loop over all objects to see if we find the certificate of
* the issuer and the associated private key */
for (i = 0; i < fw_data->num_objects; i++) {
struct pkcs15_any_object *obj = fw_data->objects[i];
if (is_cert(obj) && obj != (struct pkcs15_any_object *) cert) {
+ struct pkcs15_cert_object *cert2;
struct sc_pkcs15_cert *c2;
- c2 = ((struct pkcs15_cert_object *) obj)->cert_data;
+ cert2 = (struct pkcs15_cert_object *) obj;
+ c2 = cert2->cert_data;
if (!c1 || !c2 || !c1->issuer_len || !c2->subject_len)
continue;
if (c1->issuer_len == c2->subject_len
&& !memcmp(c1->issuer, c2->subject, c1->issuer_len)) {
- sc_debug(context, "Associating object %d as issuer", i);
+ sc_debug(context, "Associating object %d (id %s) as issuer",
+ i, sc_pkcs15_print_id(&cert2->cert_info->id));
cert->cert_issuer = (struct pkcs15_cert_object *) obj;
return;
}
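Review bot: in the issuer branch, the new sc_debug call dereferences cert2->cert_info, which nothing in this loop checks, while cert_data (c1, c2) is explicitly tested for NULL just above; either confirm that cert_info is always set for certificate objects or guard the log argument, so that a debug line cannot become the crash site. Since the line is being rewritten anyway, i is declared unsigned int and should be printed with %u rather than %d. The log in the message shows the "as private key" message still printing only the index; giving it the same "(id %s)" treatment would keep the two association messages consistent.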
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel