Andreas Jellinghaus wrote:
>> pkcs11: configuration option to report as zero the CKA_ID of CA
>> certificates
>>
>> In fact, the middleware of the manufacturer of the gemalto (axalto,
>> gemplus) cards reports the CKA_ID of CA certificates as '0'.
>>
>> But it's not true for the others middlewares (Oberthur), NSS (afais) and
>> PKCS#11 standard.
>>
>
> ...
>
>> - /* Not sure why CA certs should be reported with an
>> - * ID of 00. --okir 20030413 */
>> - if (cert->cert_info->authority) {
>> + if (cert->cert_info->authority
>> + && sc_pkcs11_conf.zero_ckaid_for_ca_certs) {
>>
> ...
>
>> + conf->zero_ckaid_for_ca_certs = 0;
>>
> ...
>
>> + conf->zero_ckaid_for_ca_certs = scconf_get_bool(conf_block,
>>
> "zero_ckaid_for_ca_certs", conf->zero_ckaid_for_ca_certs);
>
> so the old default was to do that, and with the new variable the
> new default is to not do that?
>
> is that change intentional?
>
> also please edit etc/opensc.conf.in and put in some documentation
> / comment with explanation etc. like we have for each option.
>
I forgot to commit.
Should I make default as 'true', as it was before ? I've had some doubts
on this.
> Regards, Andreas
>
Kind wishes,
Viktor.
--
Viktor Tarasov <[email protected]>
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
