URL: https://github.com/SSSD/sssd/pull/665 Author: sumit-bose Title: #665: p11: handle multiple certs during auth with OpenSSL Action: opened
PR body: """ This patch adds missing code already available in the NSS version to select a certificate for authentication if multiple certificates are available on the Smartcard. A unit test to check this feature is added as well.
Related to https://pagure.io/SSSD/sssd/issue/3489 """
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/665/head:pr665
git checkout pr665
URL: https://github.com/SSSD/sssd/pull/665 Title: #665: p11: handle multiple certs during auth with OpenSSL
jhrozek commented: """ Just for my education, how does this work together with https://github.com/SSSD/sssd/blob/4ff183ecbe4d8e70715eee186f1fedecc335163e/s... ? """
See the full comment at https://github.com/SSSD/sssd/pull/665#issuecomment-426559917
URL: https://github.com/SSSD/sssd/pull/665 Author: sumit-bose Title: #665: p11: handle multiple certs during auth with OpenSSL Action: synchronized
URL: https://github.com/SSSD/sssd/pull/665 Title: #665: p11: handle multiple certs during auth with OpenSSL
sumit-bose commented: """
Just for my education, how does this work together with
ah, sorry, I should have copied the related comment from the NSS code as well. The latest version has it.
For authentication p11_child is called with the token name, module name and keyid of the certificate to make sure the one selected by the user is used for authentication.
[sssd/src/p11_child/p11_child_openssl.c](https://github.com/SSSD/sssd/blob/4ff183ecbe4d8e70715eee186f1fedecc335163e/s...)
Lines 749 to 752 in [4ff183e](https://github.com/SSSD/sssd/commit/4ff183ecbe4d8e70715eee186f1fedecc335163e):
    if (mode == OP_AUTH) {
        if (cert_list->next != NULL || cert_list->prev != NULL) {
For authentication after the loop added with this PR only one certificate should be left in the list, i.e. cert_list exists but next and prev are NULL.
HTH
bye, Sumit
DEBUG(SSSDBG_FATAL_FAILURE, "More than one certificate found for authentication, "?
"""
See the full comment at https://github.com/SSSD/sssd/pull/665#issuecomment-426582841
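The selection rule described in the comment above, as an added example that is not SSSD's code and not part of the thread: the certificate list is narrowed by module name, token name and key id, and authentication goes ahead only if exactly one entry is left (the same `next`/`prev` check quoted from `p11_child_openssl.c`). The `struct cert` layout, the function names and the sample card contents are assumptions made for illustration.

```c
#include <string.h>

/* Hypothetical stand-in for one entry of p11_child's certificate list. */
struct cert { const char *module, *token, *key_id; struct cert *prev, *next; };

/* Unlink every entry that differs from `want` in module, token or key id. */
static struct cert *filter_certs(struct cert *head, const struct cert *want)
{
    for (struct cert *c = head, *next; c != NULL; c = next) {
        next = c->next;
        if (strcmp(c->module, want->module) == 0
                && strcmp(c->token, want->token) == 0
                && strcmp(c->key_id, want->key_id) == 0) continue;
        if (c->prev != NULL) c->prev->next = c->next; else head = c->next;
        if (c->next != NULL) c->next->prev = c->prev;
        c->prev = c->next = NULL;
    }
    return head;
}

/* 0: exactly one certificate left; -1: none; -2: still ambiguous. */
static int select_auth_cert(struct cert **list, const struct cert *want)
{
    *list = filter_certs(*list, want);
    if (*list == NULL) return -1;
    if ((*list)->next != NULL || (*list)->prev != NULL) return -2;
    return 0;
}

/* Constructed sample card contents; all names and ids are made up. */
static int demo(const char *token, const char *key_id)
{
    struct cert want = { "example.so", token, key_id, NULL, NULL };
    struct cert certs[] = {
        { "example.so", "Token A", "02", NULL, NULL },
        { "example.so", "Token B", "02", NULL, NULL },
        { "example.so", "Token A", "03", NULL, NULL },
        { "example.so", "Token A", "03", NULL, NULL },
    };
    size_t n = sizeof(certs) / sizeof(certs[0]);
    for (size_t i = 0; i + 1 < n; i++) {
        certs[i].next = &certs[i + 1];
        certs[i + 1].prev = &certs[i];
    }
    struct cert *list = certs;
    return select_auth_cert(&list, &want);
}

int main(void) { return demo("Token A", "02"); } /* exits 0: unique match */
```

Key id "02" exists on both sample tokens, so the token name is what keeps the match unique; the duplicated "03" entry shows the case the fatal-failure branch guards against.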
URL: https://github.com/SSSD/sssd/pull/665 Title: #665: p11: handle multiple certs during auth with OpenSSL
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/665 Title: #665: p11: handle multiple certs during auth with OpenSSL
jhrozek commented: """ * master: e29b82077a78157a1e4d90e2308c1272d7612f3d """
See the full comment at https://github.com/SSSD/sssd/pull/665#issuecomment-427944129
URL: https://github.com/SSSD/sssd/pull/665 Author: sumit-bose Title: #665: p11: handle multiple certs during auth with OpenSSL Action: closed
URL: https://github.com/SSSD/sssd/pull/665 Title: #665: p11: handle multiple certs during auth with OpenSSL
Label: +Pushed
sssd-devel@lists.fedorahosted.org