PKCS#11 bugs

Nikos Mavrogiannopoulos nmav at
Thu Jun 16 20:51:40 CEST 2011

On 06/16/2011 12:32 PM, Rickard Bellgrim wrote:
> On Wed, Jun 15, 2011 at 9:33 PM, Nikos Mavrogiannopoulos
> <nmav at> wrote:
>>> 4.
>>> The p11tool has an option to mark a certificate as trusted when
>>> importing it. The problem is that only the Security Officer can set it
>>> to true. I do not have a patch for it. But the program have to login
>>> as a SO and change the attribute of this object. Remember that the SO
>>> can only see public objects. You do not set the CKA_PRIVATE and the
>>> default value is "token-specific". SoftHSM sets the CKA_PRIVATE to
>>> true and thus not visible for the SO since it then is a private
>>> object.
>> I think I've addressed it in the repository.
> The first three items now work. But the CKA_TRUSTED is still set by
> the user and not the SO.

Ooops. Should be fixed now.


More information about the Gnutls-devel mailing list