Update git submodules
* Update barbican from branch 'master' - Use serial number or label for PKCS#11 tokens The PKCS#11 standard does not make any guarantees about slot numbering, so the slot ID alone should not be used to identify a token. Instead, the token's Serial Number or Label should be used to ensure the correct token is being used. This patch adds two new config options to the p11_crypto plugin: token_serial_number and token_label. These new options allow for more flexibility in configuring the PKCS#11 module. The config may include either the token's serial number or its label. Serial numbers should be unique, so they take higher precedence. Some devices allow tokens to have the same label, so this patch ensures that only one token with the specified label is present. If both serial number and label are given, only the serial number will be checked and an error will be raised if it is not found. slot_id continues to work as expected, although its use is discouraged and may be deprecated in a future patch. If the conf contains only the slot_id, it will be used. If the serial number or label are also provided, the new logic will ignore the slot_id and search for the serial number or label instead. Change-Id: I115cf1a7006a6c85f37c5e50ded13134a3dfd1a3
This commit is contained in:
parent
93fe676aca
commit
e155160d3a
2
barbican
2
barbican
|
@ -1 +1 @@
|
|||
Subproject commit 49de1a9d34b793a2fa09407201d0f6757ef46699
|
||||
Subproject commit 69459a0ecf278410835e469347c5f32f5b43ffd5
|
Loading…
Reference in New Issue