> pkcs11: configuration option to report as zero the CKA_ID of CA
> certificates
>
> In fact, the middleware of the manufacturer of the gemalto (axalto,
> gemplus) cards reports the CKA_ID of CA certificates as '0'.
>
> But it's not true for the others middlewares (Oberthur), NSS (afais) and
> PKCS#11 standard.
...
> - /* Not sure why CA certs should be reported with an
> - * ID of 00. --okir 20030413 */
> - if (cert->cert_info->authority) {
> + if (cert->cert_info->authority
> + && sc_pkcs11_conf.zero_ckaid_for_ca_certs) {
...
> + conf->zero_ckaid_for_ca_certs = 0;
...
> + conf->zero_ckaid_for_ca_certs = scconf_get_bool(conf_block,
"zero_ckaid_for_ca_certs", conf->zero_ckaid_for_ca_certs);
so the old default was to do that, and with the new variable the
new default is to not do that?
is that change intentional?
also please edit etc/opensc.conf.in and put in some documentation
/ comment with explanation etc. like we have for each option.
Regards, Andreas
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
