https://bugzilla.mindrot.org/show_bug.cgi?id=2652
--- Comment #5 from Daniel Kucera <[email protected]> --- (In reply to Damien Miller from comment #2) > Comment on attachment 3032 [details] > patch > > >diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c > >index d1f750db0..938535638 100644 > >--- a/ssh-pkcs11.c > >+++ b/ssh-pkcs11.c > >@@ -366,19 +366,16 @@ pkcs11_open_session(struct pkcs11_provider *p, > >CK_ULONG slotidx, char *pin) > > > > f = p->function_list; > > login_required = p->slotinfo[slotidx].token.flags & CKF_LOGIN_REQUIRED; > >- if (pin && login_required && !strlen(pin)) { > >- error("pin required"); > >- return (-1); > >- } > >+ > > I'm not sure I understand why this section is removed - could you > explain it? Oh, I remember now: It's because if pin is not set (is null), login_required is not evaluated so no error is returned so this check is useless. And we don't even need to return error here, login can be performed by external library after calling C_Login with pin set to zero. CKF_LOGIN_REQUIRED only means C_Login has to be called, not that the pin has to be set. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
