84761 – We should use the key identifier certificate extension to fill CKA_ID

Bug 84761 - We should use the key identifier certificate extension to fill CKA_ID

Summary: We should use the key identifier certificate extension to fill CKA_ID

Status:	RESOLVED FIXED

Alias:	None

Product:	p11-glue
Classification:	Unclassified
Component:	p11-kit (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium normal
Assignee:	Stef Walter
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-10-07 16:39 UTC by Stef Walter
Modified:	2014-10-09 11:51 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
trust: Certificate CKA_ID is SubjectKeyIdentifier if possible (16.43 KB, patch) 2014-10-09 09:55 UTC, Stef Walter	Details \| Splinter Review
View All

Description Stef Walter 2014-10-07 16:39:13 UTC

The PKCS#11 v2.40 spec states:

| It is intended that the CKA_ID value be identical to the key identifier in
| such a certificate extension, although this will not be enforced by Cryptoki.

We should populate the CKA_ID in this way.

Comment 1 Stef Walter 2014-10-09 09:55:00 UTC

Created attachment 107606 [details] [review]
trust: Certificate CKA_ID is SubjectKeyIdentifier if possible

Comment 2 David Woodhouse 2014-10-09 10:08:44 UTC

Comment on attachment 107606 [details] [review]
trust: Certificate CKA_ID is SubjectKeyIdentifier if possible

Review of attachment 107606 [details] [review]:
-----------------------------------------------------------------

That fixes my problem; thanks.

Comment 3 Stef Walter 2014-10-09 11:51:08 UTC

Attachment 107606 [details] pushed as 03d280d - trust: Certificate CKA_ID is SubjectKeyIdentifier if possible

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.