From 577b64414cb3b735a98fbfe89afe838b3e206b7f Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Thu, 28 Oct 2010 00:57:22 -0400 Subject: [PATCH 080/150] - don't fail to init the context, the first time, or later --- src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 15 ++++++++------- 1 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c index ff0068f..71c68a9 100644 --- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c +++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c @@ -715,7 +715,9 @@ pkinit_init_plg_crypto(pkinit_plg_crypto_context *plg_cryptoctx) NULL, NULL, NULL, - NSS_INIT_READONLY); + NSS_INIT_READONLY | + NSS_INIT_FORCEOPEN | + NSS_INIT_PK11RELOAD); if ((*plg_cryptoctx)->ncontext != NULL) { tag = get_pkinit_data_auth_data_tag(); if (crypto_register_any(tag) != SECSuccess) { @@ -1745,10 +1747,11 @@ cert_load_certs_with_keys_from_slot(krb5_context context, CERTCertListNode *cnode; SECKEYPrivateKey *key; int status; - /* Skip over slots we've already used. */ + + /* Log in if the slot requires it. */ if (!PK11_IsLoggedIn(slot, crypto_pwcb_prep(id, context)) && PK11_NeedLogin(slot)) { - pkiDebug("%s: skipping token \"%s\"\n", + pkiDebug("%s: logging in to token \"%s\"\n", __FUNCTION__, PK11_GetTokenName(slot)); if (PK11_Authenticate(slot, PR_TRUE, crypto_pwcb_prep(id, @@ -1879,10 +1882,8 @@ crypto_load_pkcs11(krb5_context context, /* Walk the list of slots in the module. */ status = SECFailure; - for (i = module->slotCount; - (slot = module->slots[i]) != NULL; - i++) { - /* Load private keys and certs from this slot. */ + for (i = module->slotCount; (slot = module->slots[i]) != NULL; i++) { + /* Load private keys and their certs from this slot. */ if (cert_load_certs_with_keys_from_slot(context, id_cryptoctx, slot) == 0) { status = SECSuccess; -- 1.7.6.4