Home Explore Help
Register Sign In
Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

Ticket #47596 attrcrypt fails to find unlocked key

https://fedorahosted.org/389/ticket/47596
Reviewed by: nkinder (Thanks!)
Branch: master
Fix Description: Additional fix to the previous fix.  As it turns out, the
function PK11_IsLoggedIn() only returns true if the slot has been unlocked
with a pin or password.  If the slot does not need a login at all, because
the cert/key db has no password, PK11_IsLoggedIn will return false.  The code
must check for PK11_NeedLogin too.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
Rich Megginson 12 years ago
parent
3a6ce9248b
commit
e66c4cecc4
1 changed files with 1 additions and 1 deletions
Split View Show Diff Stats
  1. 1 1
      ldap/servers/slapd/ssl.c

+ 1 - 1
ldap/servers/slapd/ssl.c
View File 

@@ -1602,7 +1602,7 @@ slapd_get_unlocked_key_for_cert(CERTCertificate *cert, void *pin_arg)
 
 			slapi_log_error(SLAPI_LOG_TRACE, "slapd_get_unlocked_key_for_cert",
 
 					"Missing slot for slot list element for certificate [%s]\n",
 
 					certsubject);
 
-		} else if (PK11_IsLoggedIn(slot, pin_arg)) {
 
+		} else if (!PK11_NeedLogin(slot) || PK11_IsLoggedIn(slot, pin_arg)) {
 
 			key = PK11_FindKeyByDERCert(slot, cert, pin_arg);
 
 			slapi_log_error(SLAPI_LOG_TRACE, "slapd_get_unlocked_key_for_cert",
 
 					"Found unlocked slot [%s] token [%s] for certificate [%s]\n",