ACKED by cfu: Pushed to master: commit 9bd94a0a54793a0720b803846ce2291e5064c2ae
Various fedora libcoolkey builds done with patch to support this, winding through the system. Closing #1734. ----- Original Message ----- From: "Christina Fu" <c...@redhat.com> To: pki-devel@redhat.com Sent: Friday, February 5, 2016 4:22:40 PM Subject: Re: [Pki-devel] [pki-devel][PATCH] 0062-Allow-cert-and-key-indexes-9.patch the code looks good. I applied the patch and upgraded my libcoolkey and played with it. I was able to enroll for 2 certs and "recover" 5 (makes a total of 7), and then continued to run externalReg enrollment again to delete one cert and recover another. ACK, Christina On 02/02/2016 06:46 PM, John Magne wrote: Subject: [PATCH] Allow cert and key indexes > 9. Ticket: Ticket #1734 : TPS issue with overflowing PKCS#11 cert index numbers This patch contains the following: 1. Fixes in TPS to allow the server to set and read muscle object ID's that are greater than 9. The id is stored as a single ASCII byte in the object id. Previous libcoolkey patches exist to now support numbers larger than 9, by the following: 0-9 is represented by the ascii chars for 0 through 9,. 10 - 35 represented by the ascii chars for 'A' through 'Z'. 36 - 61 represented by the ascii chars for 'a' through 'z'. Once coolkey is updated it will be able to read these id's. TPS with this patch will be able to both read number 0 - 62 and to set them when creating pkcs#11 objects to be stored on the token. When the proper libcoolkey is installed, the coolkey driver will be able to read certs and keys with id's > 9. Thus, for instance a cert with an id of C6, with keys of k12, and k13, will be supported and viewable in the Firefox cert viewer. Also the certs will be usable for operations. 2. A fix to the routine that finds a free id number to assign to a soon to be recovered cert will now have the ability to find unused slots instead of just inrementing one over the highest currently used index. 3. Made a couple of minor cleanup fixes to externalReg functionality discovered during testing of this feature. Tested up to 7 certs on the token. Also did some re-tests of cfu's cert retention feature and those checked. _______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel _______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel _______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel
