Bug 1272127

Summary: Explicitly set CKA_PRIVATE to false when writing certificates (backport upstream patch 4df35b92)
Product: [Fedora] Fedora Reporter: Sumit Bose <sbose>
Component: opensc Assignee: Jakub Jelen <jjelen>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 24 CC: gmazyland, jjelen, klember, nmavrogi, stefw, tmraz
Target Milestone: --- Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: opensc-0.15.0-6.fc24 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1272128 (view as bug list) Environment:
Last Closed: 2016-07-28 23:53:53 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1272128    

Description Sumit Bose 2015-10-15 14:28:49 UTC
Description of problem:
pkcs11-tool should explicitly set CKA_PRIVATE to "false" for certificates and public keys, since the PKCS#11 spec doesn't specify a default and some drivers use "private" as the default, making it impossible to add a public key/cert using pkcs11-tool.

The patch is available upstream at
https://github.com/OpenSC/OpenSC/commit/4df35b922c8eb7e0776a23260b65e570b33e4d42

Version-Release number of selected component (if applicable):


How reproducible:
Write a certificate to the softhsm2 PKCS#11 module and try to read it without logging in

Steps to Reproduce:
1. pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --slot 0 -w ./cert.der -y cert -l
2. pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --slot 0 -O


Actual results:
- nothing -

Expected results:
Certificate Object, type = X.509 cert
- plus additional data -
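
Added example, not part of the original report and not OpenSC's code: a C sketch of the behaviour described above, in which a certificate template that omits CKA_PRIVATE is hidden from a session that is not logged in whenever the driver defaults to "private". The type definitions stand in for pkcs11.h, and set_public_if_unset and visible_without_login are hypothetical names; the latter is only a toy model of the token side.

```c
#include <stdio.h>
#include <string.h>
/* Stand-ins for pkcs11.h, assumed here so the example builds on its own;
 * the numeric values are the ones the PKCS#11 specification assigns. */
typedef unsigned long CK_ULONG; typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS       0x00000000UL
#define CKA_PRIVATE     0x00000002UL
#define CKO_CERTIFICATE 0x00000001UL
#define CKO_PUBLIC_KEY  0x00000002UL
#define CK_TRUE  1
#define CK_FALSE 0
static CK_BBOOL ck_false = CK_FALSE;
/* Return the attribute of the given type, or NULL if the template omits it. */
static CK_ATTRIBUTE *find_attr(CK_ATTRIBUTE *t, CK_ULONG n, CK_ULONG type) {
    for (CK_ULONG i = 0; i < n; i++)
        if (t[i].type == type) return &t[i];
    return NULL;
}

/* Hypothetical helper: append CKA_PRIVATE = CK_FALSE to a certificate or
 * public-key template that omits it. Returns the new count, or 0 on error. */
CK_ULONG set_public_if_unset(CK_ATTRIBUTE *t, CK_ULONG n, CK_ULONG cap) {
    CK_ATTRIBUTE *cls = find_attr(t, n, CKA_CLASS);
    CK_ULONG c;
    if (!cls || cls->ulValueLen != sizeof c) return 0; /* no usable class */
    memcpy(&c, cls->pValue, sizeof c);
    if (c != CKO_CERTIFICATE && c != CKO_PUBLIC_KEY) return n; /* leave as is */
    if (find_attr(t, n, CKA_PRIVATE)) return n;        /* caller already chose */
    if (n >= cap) return 0;                            /* template array full */
    t[n] = (CK_ATTRIBUTE){ CKA_PRIVATE, &ck_false, sizeof ck_false };
    return n + 1;
}

/* Toy token model: without login only objects with CKA_PRIVATE false are
 * listed; an omitted attribute takes the driver's own default. */
int visible_without_login(CK_ATTRIBUTE *t, CK_ULONG n, CK_BBOOL driver_default) {
    CK_ATTRIBUTE *p = find_attr(t, n, CKA_PRIVATE);
    CK_BBOOL priv = p ? *(CK_BBOOL *)p->pValue : driver_default;
    return priv == CK_FALSE;
}

int main(void) { /* constructed template: a certificate with only CKA_CLASS */
    CK_ULONG cls = CKO_CERTIFICATE;
    CK_ATTRIBUTE t[2] = { { CKA_CLASS, &cls, sizeof cls } };
    int before = visible_without_login(t, 1, CK_TRUE);
    CK_ULONG n = set_public_if_unset(t, 1, 2);
    printf("before=%d after=%d\n", before, visible_without_login(t, n, CK_TRUE));
    return 0;
}
```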

Comment 1 Fedora End Of Life 2016-07-19 18:13:50 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 2 Jakub Jelen 2016-07-20 14:40:49 UTC
I am actually building this update.

Comment 3 Fedora Update System 2016-07-20 15:12:43 UTC
opensc-0.15.0-6.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-efb513eaf3

Comment 4 Fedora Update System 2016-07-21 04:20:51 UTC
opensc-0.15.0-6.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-efb513eaf3

Comment 5 Fedora Update System 2016-07-28 23:53:46 UTC
opensc-0.15.0-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.