Use PKCS11_MODNAME for NSS PKINIT by default

Do what the OpenSSL-using code paths do, and load PKCS11_MODNAME if no
module is specified when we're told to use a PKCS11 identity.

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 3c6a87d5e48ad906811d0477650caf859dedd02b..1b2172c223918e2479497d23f97b49a88e803467 100644 (file)
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -2109,6 +2109,13 @@ crypto_load_pkcs11(krb5_context context,
     if (idopts == NULL)
         return SECFailure;
 
+    /* If no module is specified, use the default module from pkinit.h. */
+    if (idopts->p11_module_name == NULL) {
+        idopts->p11_module_name = strdup(PKCS11_MODNAME);
+        if (idopts->p11_module_name == NULL)
+            return SECFailure;
+    }
+
     /* Build the module spec. */
     spec_size = strlen("library=''") + strlen(idopts->p11_module_name) * 2 + 1;
     spec = PORT_ArenaZAlloc(id_cryptoctx->pool, spec_size);