diff options
| author | Raphael Geissert <raphael-externe.geissert@edf.fr> | 2016-08-31 13:22:38 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2016-10-04 12:09:04 +0200 |
| commit | 9a7049635ecc35ddce73e3ad0ede16b0ea2f271e (patch) | |
| tree | 68ae01ff27feaad17455d77e5c0825ea8f2abfa6 /src/libtnccs/plugins/tnccs_11/tnccs_11_plugin.h | |
| parent | 97c74b565b2870ee889431289c6907a2f5b57b91 (diff) | |
| download | strongswan-9a7049635ecc35ddce73e3ad0ede16b0ea2f271e.tar.bz2 strongswan-9a7049635ecc35ddce73e3ad0ede16b0ea2f271e.tar.xz | |
pkcs11: Look for the CKA_ID of the cert if it doesn't match the subjectKeyId
charon-nm fails to find the private key when its CKA_ID doesn't match the
subjectKeyIdentifier of the X.509 certificate. In such cases, the private
key builder now falls back to enumerating all the certificates, looking for
one that matches the supplied subjectKeyIdentifier. It then uses the CKA_ID
of that certificate to find the corresponding private key.
It effectively means that PKCS#11 tokens where the only identifier to relate
the certificate, the public key, and the private key is the CKA_ID are now
supported by charon-nm.
Fixes #490.
Diffstat (limited to 'src/libtnccs/plugins/tnccs_11/tnccs_11_plugin.h')
0 files changed, 0 insertions, 0 deletions