Open
Description
Hello,
Our organisation have smart cards with two valid certificates with the same CKA_ID and CKA_LABEL.
The certificates use the same keys but have different issuers.
Currently this fails in p11_child in auth mode:
DEBUG(SSSDBG_FATAL_FAILURE, "More than one certificate found for authentication, " "aborting!\n");
Since we trust both the issuers it doesn't matter to us which certificate is being used,
so our fix for this is to check for duplicate CKA_ID and CKA_LABEL in read_certs in p11_child_openssl.c.
If we find a duplicate we won't add it to the certificate list.
Is there a better way of doing this and will you accept a pull request for this?
Metadata
Metadata
Assignees
Labels
No labels