Hi Robert,

robert dugal wrote:
> SSL_AuthCertificate() is called to verify a certificate chain during an SSL/TLS handshake. It ends up calling pk11_RetrieveCrls() which then calls PK11_GetAllTokens() which loads every P11 token, including those that need a login. I am not certain how I can get around this.

This search isn't unnecessary. The cert verification algorithm is looking for CRLs and needs to search for objects in the token. If it didn't authenticate at this step, it would authenticate to find certificates.

One way around this is to make your token "friendly", which means it will allow C_FindObjects to work without being logged in, and will only require you to be logged in if you are using private keys in the token.

Thanks Julien, I tested this and it works.


_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
