
[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_6_1-14-gbfb


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_6_1-14-gbfb7f68
Date: Fri, 17 Jun 2011 18:39:03 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=bfb7f68b70459db45c10744671e6a46140438462

The branch, gnutls_2_12_x has been updated
       via  bfb7f68b70459db45c10744671e6a46140438462 (commit)
       via  f6010587f6f766199849eb58d95a5148ad5ce79f (commit)
      from  f750c4949f085735e840e065a8eec7a42d7190c8 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bfb7f68b70459db45c10744671e6a46140438462
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jun 17 20:38:34 2011 +0200

    Limit the number of attempts with the same PIN, to avoid attempting again 
and again with a wrong PIN.

commit f6010587f6f766199849eb58d95a5148ad5ce79f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Fri Jun 17 20:31:58 2011 +0200

    When writing an object with CKA_TRUSTED set CKA_PRIVATE explicitly to 
FALSE, to allow the SO to write it. Reported by Rickard Bellgrim.

-----------------------------------------------------------------------

Summary of changes:
 lib/pkcs11_write.c |    9 ++++++++-
 src/p11common.c    |    7 +++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/lib/pkcs11_write.c b/lib/pkcs11_write.c
index e9b5f40..823b715 100644
--- a/lib/pkcs11_write.c
+++ b/lib/pkcs11_write.c
@@ -53,11 +53,12 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
   size_t der_size, id_size;
   opaque *der = NULL;
   opaque id[20];
-  struct ck_attribute a[10];
+  struct ck_attribute a[16];
   ck_object_class_t class = CKO_CERTIFICATE;
   ck_certificate_type_t type = CKC_X_509;
   ck_object_handle_t obj;
   ck_bool_t tval = 1;
+  ck_bool_t fval = 0;
   int a_val;
   gnutls_datum_t subject = { NULL, 0 };
 
@@ -139,6 +140,7 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
   a[a_val].value_len = subject.size;
   a_val++;
 
+
   if (label)
     {
       a[a_val].type = CKA_LABEL;
@@ -153,6 +155,11 @@ gnutls_pkcs11_copy_x509_crt (const char *token_url,
       a[a_val].value = &tval;
       a[a_val].value_len = sizeof (tval);
       a_val++;
+
+      a[a_val].type = CKA_PRIVATE;
+      a[a_val].value = &fval;
+      a[a_val].value_len = sizeof(fval);
+      a_val++;
     }
 
   rv = pakchois_create_object (pks, a, a_val, &obj);
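Review bot: The added CKA_PRIVATE entry has no comment explaining why a certificate marked trusted is forced to be a public object, and the reason is not evident from the code alone. The commit message gives it (the SO must be able to write the object), so a comment above the assignment would keep that with the code, for example `/* written by the SO when CKA_TRUSTED is set: CKA_PRIVATE must be FALSE or the write is refused */`. It is also worth stating there that the object is consequently readable without a user login, which is the intended result for a trust anchor. The new `sizeof(fval)` omits the space used by `sizeof (tval)` two lines above. The enclosing `if` opens outside this hunk, so its condition is not visible here.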
diff --git a/src/p11common.c b/src/p11common.c
index ae56cf0..0060c88 100644
--- a/src/p11common.c
+++ b/src/p11common.c
@@ -30,6 +30,7 @@
 
 #define MIN(x,y) ((x)<(y))?(x):(y)
 
+#define MAX_CACHE_TRIES 5
 static int
 pin_callback (void *user, int attempt, const char *token_url,
               const char *token_label, unsigned int flags, char *pin,
@@ -37,7 +38,7 @@ pin_callback (void *user, int attempt, const char *token_url,
 {
   const char *password;
   const char * desc;
-  int len, cache = 1;
+  int len, cache = MAX_CACHE_TRIES;
 /* allow caching of PIN */
   static char *cached_url = NULL;
   static char cached_pin[32] = "";
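Review bot: `cache` is declared here as an automatic variable, so it is set back to MAX_CACHE_TRIES on every call to pin_callback, unlike `cached_url` and `cached_pin` just below, which are static. The added `cache--` and the added `cache = MAX_CACHE_TRIES` in the later hunks are each followed directly by `return 0`, so neither value survives to the next call, and the `cache > 0` test cannot count attempts as far as these hunks show. The cached PIN would then still be replayed on every retry, which is the behaviour that can lock a token after a wrong PIN. Giving the counter static storage, `static int cache = MAX_CACHE_TRIES;` with `int len;` declared separately, makes the limit effective. The function body continues between and beyond the hunks, so other assignments to `cache` may exist that are not visible here.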
@@ -58,7 +59,7 @@ pin_callback (void *user, int attempt, const char *token_url,
       printf ("*** Only few tries left before locking!\n");
     }
     
-  if (cache == 1 && cached_url != NULL)
+  if (cache > 0 && cached_url != NULL)
     {
       if (strcmp (cached_url, token_url) == 0)
         {
@@ -69,6 +70,7 @@ pin_callback (void *user, int attempt, const char *token_url,
             }
 
           strcpy (pin, cached_pin);
+          cache--;
           return 0;
         }
     }
@@ -91,6 +93,7 @@ pin_callback (void *user, int attempt, const char *token_url,
   strcpy (cached_pin, pin);
   free (cached_url);
   cached_url = strdup (token_url);
+  cache = MAX_CACHE_TRIES;
 
   return 0;
 }
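Review bot: `strcpy (cached_pin, pin)` writes into the 32-byte static `cached_pin` with no length check visible in this hunk, so a PIN of 32 characters or more would overrun the buffer unless an unseen earlier part of pin_callback bounds it. Caching only when the PIN fits avoids both the overrun and a silently truncated cached PIN: `if (strlen (pin) < sizeof (cached_pin)) { strcpy (cached_pin, pin); ... }`, with the `cached_url` update and the counter reset under the same condition. The `strdup` result is stored unchecked; a NULL only disables the cache because of the `cached_url != NULL` test, and a short comment saying so would help. The PIN also stays in static memory in clear for the life of the process, so a comment noting that, or clearing `cached_pin` once the tries are used up, is worth adding.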


hooks/post-receive
-- 
GNU gnutls


