]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
If a callback fails try the other.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 16 Apr 2012 16:41:00 +0000 (18:41 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Mon, 16 Apr 2012 16:42:08 +0000 (18:42 +0200)
NEWS
lib/pkcs11.c

diff --git a/NEWS b/NEWS
index c105b32cd005171c517f566ed52900dfab9dc12b..41e306575b2a6a3b34b61271ca72c0a72dc2fd9b 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,8 @@ See the end for copying conditions.
 * Version 3.1.0 (unreleased)
 
 ** libgnutls: When decoding a PKCS #11 URL the pin-source field
-is assumed to be a file that stores the pin.
+is assumed to be a file that stores the pin. Based on patch
+by David Smith.
 
 ** API and ABI modifications:
 No changes since last version.
index ca7b76b8e4ac12ba34264614f6c47498e5064a57..6cc40f3c3a0511fd07ca6f9b81cfe917cb0b33bb 100644 (file)
@@ -1948,7 +1948,7 @@ retrieve_pin_for_callback (struct ck_token_info *token_info, int attempts,
   *pin = p11_kit_pin_new_for_string (pin_value);
   
   if (*pin == NULL)
-    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+    return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
 
   return 0;
 }
@@ -1958,29 +1958,32 @@ retrieve_pin (struct p11_kit_uri *info, struct ck_token_info *token_info,
               int attempts, ck_user_type_t user_type, struct p11_kit_pin **pin)
 {
   const char *pinfile;
+  int ret = GNUTLS_E_PKCS11_PIN_ERROR;
 
   *pin = NULL;
 
   /* Check if a pinfile is specified, and use that if possible */
   pinfile = p11_kit_uri_get_pinfile (info);
-  if (pinfile != NULL && attempts == 0)
+  if (pinfile != NULL)
     {
       _gnutls_debug_log("pk11: Using pinfile to retrieve PIN\n");
-      return retrieve_pin_for_pinfile (pinfile, token_info, attempts, user_type, pin);
+      ret = retrieve_pin_for_pinfile (pinfile, token_info, attempts, user_type, pin);
     }
 
   /* The global gnutls pin callback */
-  else if (pin_func)
-    return retrieve_pin_for_callback (token_info, attempts, user_type, pin);
+  if (pin_func && ret < 0)
+    ret = retrieve_pin_for_callback (token_info, attempts, user_type, pin);
 
   /* Otherwise, PIN entry is necessary for login, so fail if there's
    * no callback. */
-  else
+  
+  if (ret < 0)
     {
       gnutls_assert ();
-      _gnutls_debug_log ("pk11: No pin callback but login required.\n");
-      return GNUTLS_E_PKCS11_ERROR;
+      _gnutls_debug_log ("pk11: No suitable pin callback but login required.\n");
     }
+    
+  return ret;
 }
 
 int