certmonger/0003-Include-the-token-name-when-a-PIN-is-provided-but-is.patch
Rob Crittenden 37cd032951 Improve NSS token handling
The updated NSS crypto-policy enables all tokens which broke
requesting certificates due to the way that tokens were managed.
2018-10-01 14:34:36 -04:00

50 lines
1.7 KiB
Diff

From c029b32c04a9a5993b9c8715fb82421fee613137 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 31 Aug 2018 10:37:12 -0400
Subject: [PATCH 2/7] Include the token name when a PIN is provided but is
unused
This improves the output so the user will know which token
the PIN is missing for. Theoretically it should be the token
they asked for but this will show certmogner's view of it.
---
src/certread-n.c | 6 +++---
src/keygen-n.c | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/certread-n.c b/src/certread-n.c
index f2e78c07..57a38dcf 100644
--- a/src/certread-n.c
+++ b/src/certread-n.c
@@ -259,9 +259,9 @@ cm_certread_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
if ((pin != NULL) &&
(strlen(pin) > 0) &&
(cb_data.n_attempts == 0)) {
- cm_log(1, "PIN was not needed to auth to cert "
- "db, though one was provided. "
- "Treating this as an error.\n");
+ cm_log(1, "PIN was not needed to auth to token "
+ "%s, though one was provided. "
+ "Treating this as an error.\n", token);
goto next_slot;
}
}
diff --git a/src/keygen-n.c b/src/keygen-n.c
index 8078a520..84b0bbd3 100644
--- a/src/keygen-n.c
+++ b/src/keygen-n.c
@@ -400,8 +400,8 @@ next_slot:
(strlen(pin) > 0) &&
(cb_data.n_attempts == 0)) {
cm_log(1, "PIN was not needed to auth to key "
- "store, though one was provided. "
- "Treating this as an error.\n");
+ "store token %s, though one was provided. "
+ "Treating this as an error.\n", token);
PK11_FreeSlotList(slotlist);
error = NSS_ShutdownContext(ctx);
if (error != SECSuccess) {
--
2.14.4