PKCS#11 bugs
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Jun 17 20:41:31 CEST 2011
On 06/17/2011 09:13 AM, Rickard Bellgrim wrote:

> Great, now it logs in as SO. Just one more thing. Also set the
> CKA_PRIVATE to false. As I noted above, the default value is
> "token-specific". Otherwise the SO cannot create the object. If this
> is fixed then it works. See table 6 (access rules) in the PKCS#11
> API, page 22.

I've set it to false when the CKA_TRUSTED is set as well.

> I also noted that the library enters an eternal loop when wrong PIN
> has been entered. This was because I do not set PIN_COUNT_LOW or
> PIN_FINAL_TRY in SoftHSM. GnuTLS will thus keep using the cached PIN.
> I will see what I can do about that.

I've also limited the number of attempts a PIN is used with p11tool.
This would prevent such an infinite loop.

regards,
Nikos
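
The cached-PIN loop discussed in this message, as an added example that is not part of the original e-mail and is not GnuTLS or p11tool code: a login routine that drops a rejected cached PIN and caps the number of attempts, run against a mock token that never raises the low-count or final-try warnings. The mock token, the `pin_source` structure, the function names and the cap of 3 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return codes as defined by the PKCS#11 specification. */
#define CKR_OK            0x00UL
#define CKR_PIN_INCORRECT 0xA0UL
#define MAX_PIN_ATTEMPTS  3 /* assumed cap, not p11tool's actual value */

/* Constructed mock token: it rejects a wrong PIN but, like the token in the
 * thread, never raises PIN_COUNT_LOW or PIN_FINAL_TRY to warn the caller. */
struct mock_token { const char *good_pin; unsigned logins_seen; };

static unsigned long mock_login(struct mock_token *t, const char *pin)
{
    t->logins_seen++;
    return strcmp(pin, t->good_pin) == 0 ? CKR_OK : CKR_PIN_INCORRECT;
}

/* Hypothetical PIN source: the cached PIN first, then prompted PINs in order. */
struct pin_source { const char *cached; const char **prompts; unsigned n, next; };

static const char *next_pin(struct pin_source *s)
{
    if (s->cached) return s->cached;
    return s->next < s->n ? s->prompts[s->next++] : NULL;
}

/* Returns 0 on success, -1 once attempts or PIN sources are exhausted. */
static int bounded_login(struct mock_token *t, struct pin_source *s)
{
    for (unsigned attempt = 0; attempt < MAX_PIN_ATTEMPTS; attempt++) {
        const char *pin = next_pin(s);
        if (pin == NULL) return -1;
        if (mock_login(t, pin) == CKR_OK) return 0;
        s->cached = NULL; /* never replay a PIN the token just rejected */
    }
    return -1;
}

int main(void)
{
    const char *prompts[] = { "0000", "1234" }; /* constructed sample input */
    struct mock_token tok = { "1234", 0 };
    struct pin_source src = { "9999", prompts, 2, 0 }; /* stale cached PIN */
    int rc = bounded_login(&tok, &src);
    printf("rc=%d after %u login calls\n", rc, tok.logins_seen);
    return rc == 0 ? 0 : 1;
}
```

Because the loop is bounded by the caller rather than by the token's warning flags, it terminates even when the token reports nothing beyond "PIN incorrect".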