[Pki-devel] [pki-devel][PATCH] 0062-Allow-cert-and-key-indexes-9.patch

Christina Fu cfu at redhat.com
Sat Feb 6 00:22:40 UTC 2016 

the code looks good.
I applied the patch and upgraded my libcoolkey and played with it. I was 
able to enroll for 2 certs and "recover" 5 (makes a total of 7), and 
then continued to run externalReg enrollment again to delete one cert 
and recover another.

ACK,
Christina

On 02/02/2016 06:46 PM, John Magne wrote:
> Subject: [PATCH] Allow cert and key indexes > 9.
>
> Ticket: Ticket #1734 : TPS issue with overflowing PKCS#11 cert index numbers
>
> This patch contains the following:
>
> 1. Fixes in TPS to allow the server to set and read muscle object ID's that are greater than 9.
>
> The id is stored as a single ASCII byte in the object id. Previous libcoolkey patches exist to now support numbers
> larger than 9, by the following:
>
> 0-9 is represented by the ascii chars for 0 through 9,.
> 10 - 35 represented by the ascii chars for 'A' through 'Z'.
> 36 - 61 represented by the ascii chars for 'a' through 'z'.
>
> Once coolkey is updated it will be able to read these id's.
>
> TPS with this patch will be able to both read number 0 - 62 and to set them when creating pkcs#11 objects to be stored on the token.
>
> When the proper libcoolkey is installed, the coolkey driver will be able to read certs and keys with id's > 9. Thus, for instance a cert with an id of C6, with keys of k12, and k13, will be supported and viewable in the Firefox cert viewer. Also the certs will be usable for operations.
>
> 2. A fix to the routine that finds a free id number to assign to a soon to be recovered cert will now have the ability to find unused slots instead of just inrementing one over the highest currently used index.
>
> 3. Made a couple of minor cleanup fixes to externalReg functionality discovered during testing of this feature.
>
> Tested up to 7 certs on the token. Also did some re-tests of cfu's cert retention feature and those checked.
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160205/48dd6378/attachment.htm>

More information about the Pki-devel mailing list