Bug 84761

Summary: We should use the key identifier certificate extension to fill CKA_ID
Product: p11-glue Reporter: Stef Walter <stefw>
Component: p11-kitAssignee: Stef Walter <stefw>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: medium CC: stefw
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: trust: Certificate CKA_ID is SubjectKeyIdentifier if possible

Description Stef Walter 2014-10-07 16:39:13 UTC 
The PKCS#11 v2.40 spec states:

| It is intended that the CKA_ID value be identical to the key identifier in
| such a certificate extension, although this will not be enforced by Cryptoki.

We should populate the CKA_ID in this way.
Comment 1 Stef Walter 2014-10-09 09:55:00 UTC 
Created attachment 107606 [details] [review]
trust: Certificate CKA_ID is SubjectKeyIdentifier if possible
Comment 2 David Woodhouse 2014-10-09 10:08:44 UTC 
Comment on attachment 107606 [details] [review]
trust: Certificate CKA_ID is SubjectKeyIdentifier if possible

Review of attachment 107606 [details] [review]:
-----------------------------------------------------------------

That fixes my problem; thanks.
Comment 3 Stef Walter 2014-10-09 11:51:08 UTC 
Attachment 107606 [details] pushed as 03d280d - trust: Certificate CKA_ID is SubjectKeyIdentifier if possible

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.