From: Aki Tuomi <cmouse@cmouse.fi>
Date: Sun, 29 Mar 2015 17:36:01 +0000 (+0300)
Subject: Do not use CKA_SIGN or CKA_VERIFy
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~98^2~33^2~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b8360d14a3ccfa0cd80bca60f192c7e93317f0a9;p=thirdparty%2Fpdns.git

Do not use CKA_SIGN or CKA_VERIFy

These are not supported by OpenSC for some cards
---

diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
index fababbcd4e..df3a64aed9 100644
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -307,7 +307,7 @@ class Pkcs11Token {
       std::vector<P11KitAttribute> attr;
       std::vector<CK_OBJECT_HANDLE> key;
       attr.push_back(P11KitAttribute(CKA_CLASS, (unsigned long)CKO_PRIVATE_KEY));
-      attr.push_back(P11KitAttribute(CKA_SIGN, (char)CK_TRUE));
+//      attr.push_back(P11KitAttribute(CKA_SIGN, (char)CK_TRUE));
       attr.push_back(P11KitAttribute(CKA_LABEL, d_label));
       FindObjects2(attr, key, 1);
       if (key.size() == 0) {
@@ -317,7 +317,7 @@ class Pkcs11Token {
       d_private_key = key[0];
       attr.clear();
       attr.push_back(P11KitAttribute(CKA_CLASS, (unsigned long)CKO_PUBLIC_KEY));
-      attr.push_back(P11KitAttribute(CKA_VERIFY, (char)CK_TRUE));
+//      attr.push_back(P11KitAttribute(CKA_VERIFY, (char)CK_TRUE));
       attr.push_back(P11KitAttribute(CKA_LABEL, d_label));
       FindObjects2(attr, key, 1);
       if (key.size() == 0) {