ldap/servers/slapd/ssl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit f608a943745e51fe4b5dbfb18bada2e2d13e0d6a
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Tue Nov 26 08:14:07 2013 -0700
Ticket #47596 attrcrypt fails to find unlocked key
https://fedorahosted.org/389/ticket/47596
Reviewed by: nkinder (Thanks!)
Branch: 389-ds-base-1.3.2
Fix Description: Additional fix to the previous fix. As it turns out, the
function PK11_IsLoggedIn() only returns true if the slot has been unlocked
with a pin or password. If the slot does not need a login at all, because
the cert/key db has no password, PK11_IsLoggedIn will return false. The code
must check for PK11_NeedLogin too.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: no
(cherry picked from commit e66c4cecc47eff659a72a51c1e1722fb41c1dfbc)
diff --git a/ldap/servers/slapd/ssl.c b/ldap/servers/slapd/ssl.c
index 8b80acb..61809aa 100644
--- a/ldap/servers/slapd/ssl.c
+++ b/ldap/servers/slapd/ssl.c
@@ -1602,7 +1602,7 @@ slapd_get_unlocked_key_for_cert(CERTCertificate *cert, void
*pin_arg)
slapi_log_error(SLAPI_LOG_TRACE, "slapd_get_unlocked_key_for_cert",
"Missing slot for slot list element for certificate [%s]\n",
certsubject);
- } else if (PK11_IsLoggedIn(slot, pin_arg)) {
+ } else if (!PK11_NeedLogin(slot) || PK11_IsLoggedIn(slot, pin_arg)) {
key = PK11_FindKeyByDERCert(slot, cert, pin_arg);
slapi_log_error(SLAPI_LOG_TRACE, "slapd_get_unlocked_key_for_cert",
"Found unlocked slot [%s] token [%s] for certificate [%s]\n",
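Review bot: The widened test on the `else if` line carries no comment explaining why `!PK11_NeedLogin(slot)` has to be checked before `PK11_IsLoggedIn()`, and the trace message after it still reads "Found unlocked slot" even when the slot was never locked because the cert/key db has no password. I would add `/* PK11_IsLoggedIn() is false for a slot that needs no login (db without password), so test PK11_NeedLogin() first */` above the condition. It may also be worth making the trace text distinguish "no login required" from "logged in". In the first case the key used by attrcrypt is presumably stored without a PIN, and someone reading the log cannot currently tell the two cases apart. Whether `key` is checked for NULL after `PK11_FindKeyByDERCert()` is not visible here, because the body of slapd_get_unlocked_key_for_cert starts and ends outside the hunk.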