From 1d89886e00a36788cf16d1c5de9cca224074edcf Mon Sep 17 00:00:00 2001
From: james <james@e7ae566f-a301-0410-adde-c780ea21d3b5>
Date: Wed, 1 Nov 2006 00:07:21 +0000
Subject: Merged Alon's branch:

svn merge -r1322:1392 https://svn.openvpn.net/projects/openvpn/contrib/alon/21rc/openvpn .

Version 2.1_rc1 released


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@1420 e7ae566f-a301-0410-adde-c780ea21d3b5
---
 pkcs11-helper.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'pkcs11-helper.c')

diff --git a/pkcs11-helper.c b/pkcs11-helper.c
index 391d91f..4dd798e 100644
--- a/pkcs11-helper.c
+++ b/pkcs11-helper.c
@@ -5196,6 +5196,19 @@ _pkcs11h_certificate_private_op (
 			fOpSuccess = TRUE;
 		}
 		else {
+			/*
+			 * OpenSC workaround
+			 * It still allows C_FindObjectsInit when
+			 * token is removed/inserted but fails
+			 * private key operation.
+			 * So we force logout.
+			 * bug#108 at OpenSC trac
+			 */
+			if (fLoginRetry && rv == CKR_DEVICE_REMOVED) {
+				fLoginRetry = FALSE;
+				_pkcs11h_logout (certificate->session);
+			}
+
 			if (!fLoginRetry) {
 				PKCS11H_DEBUG (
 					PKCS11H_LOG_DEBUG1,
@@ -5778,7 +5791,7 @@ pkcs11h_certificate_getCertificateBlob (
 	if (certificate_blob != NULL) {
 		if (
 			rv == CKR_OK &&
-			certifiate_blob_size_max > certificate->id->certificate_blob_size
+			certifiate_blob_size_max < certificate->id->certificate_blob_size
 		) {
 			rv = CKR_BUFFER_TOO_SMALL;
 		}
-- 
cgit v1.2.3