From bbcfd7b51b0606496c82be8eb8c2a5bf65eca167 Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse@intel.com>
Date: Mon, 5 Sep 2016 21:38:09 +0100
Subject: [PATCH] Destroy cert cache on login/logout too
Certificates can have the CKA_PRIVATE attribute, so that you need to log
in before you can see them. So destroy the cache when we log in, just as
we do the cache of keys.
---
src/p11_slot.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/p11_slot.c b/src/p11_slot.c
index f031b3e..1fe40ab 100644
--- a/src/p11_slot.c
+++ b/src/p11_slot.c
@@ -195,6 +195,7 @@ int pkcs11_login(PKCS11_SLOT * slot, int so, const char *pin, int relogin)
if (slot->token) {
pkcs11_destroy_keys(slot->token, CKO_PRIVATE_KEY);
pkcs11_destroy_keys(slot->token, CKO_PUBLIC_KEY);
+ pkcs11_destroy_certs(slot->token);
}
if (spriv->loggedIn) {
/* already logged in, log out first */
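Review bot: Dropping the certificate cache here, and again in the pkcs11_logout hunk below, presumably frees the cached objects, so a certificate pointer a caller obtained by enumerating before login would be left dangling, and nothing in the hunk documents that. A caller that enumerates certificates, logs in, and then reuses the earlier pointer (for example to look up the matching key) would be exposed to a use-after-free if that is how pkcs11_destroy_certs behaves. I would add a comment above the three destroy calls, such as `/* Login/logout changes which CKA_PRIVATE objects are visible: cached keys and certs are dropped, so callers must re-enumerate */`, and repeat the lifetime rule in the public API documentation for login and logout. Both function bodies start and end outside the hunks, so whether an existing comment already covers the key caches cannot be checked from here.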
@@ -251,6 +252,7 @@ int pkcs11_logout(PKCS11_SLOT * slot)
if (slot->token) {
pkcs11_destroy_keys(slot->token, CKO_PRIVATE_KEY);
pkcs11_destroy_keys(slot->token, CKO_PUBLIC_KEY);
+ pkcs11_destroy_certs(slot->token);
}
if (!spriv->haveSession) {
PKCS11err(PKCS11_F_PKCS11_LOGOUT, PKCS11_NO_SESSION);
--
2.5.5