Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[4.5, master] Fix PKCS11 helper #675

Closed
wants to merge 1 commit into from
Closed

[4.5, master] Fix PKCS11 helper #675

wants to merge 1 commit into from

Conversation

MartinBasti
Copy link
Contributor

@MartinBasti MartinBasti commented Mar 29, 2017
edited

Slots in HSM are not assigned statically, we have to chose proper
slot from token label.

Softhsm i2.2.0 changed this behavior and now slots can change over
time (it is allowed by pkcs11 standard).

Changelog:

  • created method get_slot() that returns slot number from
    used label
  • replaces usage of slot in init method of P11_Helper
    with label
  • slot is dynamically detected from token label before
    session is opened
  • pkcs11-util --init-token now uses '--free' instead '--slot'
    which uses first free slot (we don't care about slot numbers
    anymore)

https://pagure.io/freeipa/issue/6692

@stlaz stlaz self-assigned this Mar 30, 2017
@stlaz
Copy link
Contributor

stlaz commented Mar 30, 2017
edited

cffi.api.CDefError: cannot parse "typedef CK_RV (*CK_C_GetSlotList) (CK_BBOOL tokenPresent,
-> you're using CK_BBOOL type before defining it.

edit: you're doing the same for all the argument types in the function pointer

@MartinBasti
Fix PKCS11 helper
5d5db00 
Slots in HSM are not assigned statically, we have to chose proper
slot from token label.

Softhsm i2.2.0 changed this behavior and now slots can change over
time (it is allowed by pkcs11 standard).

Changelog:
* created method get_slot() that returns slot number from
  used label
* replaces usage of slot in __init__ method of P11_Helper
  with label
* slot is dynamically detected from token label before
  session is opened
* pkcs11-util --init-token now uses '--free' instead '--slot'
  which uses first free slot (we don't care about slot numbers
  anymore)

https://pagure.io/freeipa/issue/6692
@MartinBasti MartinBasti changed the title [WIP] Fix PKCS11 helper [4.5, master] Fix PKCS11 helper Apr 5, 2017
@MartinBasti
Copy link
Contributor Author

In 50% cases DNSSEC works for me :-). Ready for review.

(The issue was unrelated to PKCS11, I had somehow broken machine probably)

@stlaz
Copy link
Contributor

stlaz commented Apr 11, 2017

I ran the integration test and the result was fine, ACK.

@stlaz stlaz added the ack Pull Request approved, can be merged label Apr 11, 2017
@MartinBasti
Copy link
Contributor Author

ipa-4-5:

master:

@MartinBasti MartinBasti added the pushed Pull Request has already been pushed label Apr 12, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@stlaz stlaz

Labels
ack Pull Request approved, can be merged pushed Pull Request has already been pushed
Projects
None yet
Milestone
No milestone
2 participants
@MartinBasti @stlaz