From b8360d14a3ccfa0cd80bca60f192c7e93317f0a9 Mon Sep 17 00:00:00 2001
From: Aki Tuomi <cmouse@cmouse.fi>
Date: Sun, 29 Mar 2015 20:36:01 +0300
Subject: [PATCH] Do not use CKA_SIGN or CKA_VERIFy

These are not supported by OpenSC for some cards
---
 pdns/pkcs11signers.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
index fababbcd4e..df3a64aed9 100644
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -307,7 +307,7 @@ class Pkcs11Token {
       std::vector<P11KitAttribute> attr;
       std::vector<CK_OBJECT_HANDLE> key;
       attr.push_back(P11KitAttribute(CKA_CLASS, (unsigned long)CKO_PRIVATE_KEY));
-      attr.push_back(P11KitAttribute(CKA_SIGN, (char)CK_TRUE));
+//      attr.push_back(P11KitAttribute(CKA_SIGN, (char)CK_TRUE));
       attr.push_back(P11KitAttribute(CKA_LABEL, d_label));
       FindObjects2(attr, key, 1);
       if (key.size() == 0) {
@@ -317,7 +317,7 @@ class Pkcs11Token {
       d_private_key = key[0];
       attr.clear();
       attr.push_back(P11KitAttribute(CKA_CLASS, (unsigned long)CKO_PUBLIC_KEY));
-      attr.push_back(P11KitAttribute(CKA_VERIFY, (char)CK_TRUE));
+//      attr.push_back(P11KitAttribute(CKA_VERIFY, (char)CK_TRUE));
       attr.push_back(P11KitAttribute(CKA_LABEL, d_label));
       FindObjects2(attr, key, 1);
       if (key.size() == 0) {
-- 
2.47.2