diff options
author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-06-28 17:12:39 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-07-17 12:24:21 -0400 |
commit | fc975f6608015c61afc7fcba728344663b015996 (patch) | |
tree | f746540a752d2e81448eaad8ec063424ffa7d1c0 /src/plugins | |
parent | 805cd6078b5970750b979bd97b4b9f6147e1fd0d (diff) | |
download | krb5-fc975f6608015c61afc7fcba728344663b015996.tar.gz krb5-fc975f6608015c61afc7fcba728344663b015996.tar.xz krb5-fc975f6608015c61afc7fcba728344663b015996.zip |
Use PKCS11_MODNAME for NSS PKINIT by default
Do what the OpenSSL-using code paths do, and load PKCS11_MODNAME if no
module is specified when we're told to use a PKCS11 identity.
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index 3c6a87d5e4..1b2172c223 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -2109,6 +2109,13 @@ crypto_load_pkcs11(krb5_context context, if (idopts == NULL) return SECFailure; + /* If no module is specified, use the default module from pkinit.h. */ + if (idopts->p11_module_name == NULL) { + idopts->p11_module_name = strdup(PKCS11_MODNAME); + if (idopts->p11_module_name == NULL) + return SECFailure; + } + /* Build the module spec. */ spec_size = strlen("library=''") + strlen(idopts->p11_module_name) * 2 + 1; spec = PORT_ArenaZAlloc(id_cryptoctx->pool, spec_size); |