ACKED by cfu:
Pushed to master: commit 9bd94a0a54793a0720b803846ce2291e5064c2ae
Various fedora libcoolkey builds done with patch to support this, winding through the
system.
Closing #1734.
----- Original Message -----
From: "Christina Fu" <cfu(a)redhat.com>
To: pki-devel(a)redhat.com
Sent: Friday, February 5, 2016 4:22:40 PM
Subject: Re: [Pki-devel] [pki-devel][PATCH] 0062-Allow-cert-and-key-indexes-9.patch
the code looks good.
I applied the patch and upgraded my libcoolkey and played with it. I was able to enroll
for 2 certs and "recover" 5 (makes a total of 7), and then continued to run
externalReg enrollment again to delete one cert and recover another.
ACK,
Christina
On 02/02/2016 06:46 PM, John Magne wrote:
Subject: [PATCH] Allow cert and key indexes > 9.
Ticket: Ticket #1734 : TPS issue with overflowing PKCS#11 cert index numbers
This patch contains the following:
1. Fixes in TPS to allow the server to set and read muscle object ID's that are
greater than 9.
The id is stored as a single ASCII byte in the object id. Previous libcoolkey patches
exist to now support numbers
larger than 9, by the following:
0-9 is represented by the ascii chars for 0 through 9,.
10 - 35 represented by the ascii chars for 'A' through 'Z'.
36 - 61 represented by the ascii chars for 'a' through 'z'.
Once coolkey is updated it will be able to read these id's.
TPS with this patch will be able to both read number 0 - 62 and to set them when creating
pkcs#11 objects to be stored on the token.
When the proper libcoolkey is installed, the coolkey driver will be able to read certs and
keys with id's > 9. Thus, for instance a cert with an id of C6, with keys of k12,
and k13, will be supported and viewable in the Firefox cert viewer. Also the certs will be
usable for operations.
2. A fix to the routine that finds a free id number to assign to a soon to be recovered
cert will now have the ability to find unused slots instead of just inrementing one over
the highest currently used index.
3. Made a couple of minor cleanup fixes to externalReg functionality discovered during
testing of this feature.
Tested up to 7 certs on the token. Also did some re-tests of cfu's cert retention
feature and those checked.
_______________________________________________
Pki-devel mailing list Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
Pki-devel(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel