* @GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
* @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking.
* @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks.
+ * @GNUTLS_PKCS11_PIN_WRONG: Last given PIN was not correct.
*
* Enumeration of different PIN flags.
*/
{
GNUTLS_PKCS11_PIN_USER = (1 << 0),
GNUTLS_PKCS11_PIN_SO = (1 << 1),
- GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4),
GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2),
GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3),
+ GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = (1 << 4),
+ GNUTLS_PKCS11_PIN_WRONG = (1 << 5),
} gnutls_pkcs11_pin_flag_t;
/**
flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
}
+ if (attempts > 0)
+ flags |= GNUTLS_PKCS11_PIN_WRONG;
+
ret = pin_func (pin_data, attempts, (char*)token_str, label,
flags, pin_value, GNUTLS_PKCS11_MAX_PIN_LEN);
free (token_str);
cache = 0;
printf ("*** Only few tries left before locking!\n");
}
+
+ if (flags & GNUTLS_PKCS11_PIN_WRONG)
+ {
+ cache = 0;
+ printf ("*** Wrong PIN has been provided!\n");
+ }
if (cache > 0 && cached_url != NULL)
{
exit (1);
}
+ fprintf(stderr, "Re-using cached PIN for token '%s'\n", token_label);
strcpy (pin, cached_pin);
cache--;
return 0;