[Bug 3879] ssh: pkcs11 key enumeration fails with "pin required"

[bugzilla-daemon at mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=3879

--- Comment #11 from jan.nordholz at mail.de ---
Hi,

the only reason pkcs11_fetch_x509_pubkey() fails without printing an
error() on its own is if pkcs11_record_key() fails, and the only reason
for that one to fail without printing an error is if the key is already
known - which doesn't constitute an error worth printing at all (and
"failed to fetch" is even just wrong).

So maybe this error() in pkcs11_fetch_certs() can be dropped?

Here's my log snippet:
=====
debug1: pkcs11_record_key: RSA key: provider
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0 keyid 00
debug2: pkcs11_fetch_keys: provider
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0: RSA SHA256:...
debug1: have 1 keys
debug1: pkcs11_record_key: RSA key: provider
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0 keyid 01
debug2: pkcs11_fetch_keys: provider
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0: RSA SHA256:...
debug1: have 2 keys
debug1: pkcs11_record_key: RSA key: provider
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0 keyid 02
debug2: pkcs11_fetch_keys: provider
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0: RSA SHA256:...
debug1: have 3 keys
debug1: pkcs11_record_key: RSA key: provider
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0 keyid 00
debug1: pkcs11_record_key: Already seen this key at provider
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0 keyid 00
failed to fetch key from x.509 cert
debug1: pkcs11_record_key: RSA key: provider
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0 keyid 02
debug1: pkcs11_record_key: Already seen this key at provider
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0 keyid 02
failed to fetch key from x.509 cert
=====

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.