- Type: Bug
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: SoftHSM 2.0.0a2
- Fix Version/s: None
- Component/s: PKCS#11 Interface
- Labels: None
I used softhsm-2.0.0b1 from Fedora 21, and trying to write a certificate in a softhsm db with CKA_TRUSTED fails with:
P11Attributes.cpp(407): A trusted certificate cannot be modified
How reproducible:
1. cat >config
   directories.tokendir = db
   objectstore.backend = file
2. export SOFTHSM2_CONF=config
3. mkdir db
4. softhsm2-util --init-token --slot 0 --label test --so-pin 1234 --pin 1234
5. p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --mark-trusted --load-certificate any-cert.pem --label test --so-login
Output:
Error writing certificate: PKCS #11 error in attribute
Expected Output:
Success.
Writing the same certificate without the mark-trusted flag works fine.
This seems to be a regression from version 1, as this use case works properly with softhsmv1. The p11tool is from gnutls utils.
I attach the output from pkcs11-spy for the failed operation.
- relates to: SOFTHSM-108 A marked as trusted certificate cannot be imported (Closed)