Try to avoid requesting a PIN just to load a cert

In many tokens certificates can be loaded without logging into the token, If the URI unequivocally refrences a certificate object, try to load it without forsing a login. Signed-off-by: Simo Sorce <[email protected]>
latchset · Feb 10, 2025 · 25483ba · 25483ba
1 parent 5b4ef96
commit 25483ba
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/store.c b/src/store.c
@@ -97,7 +97,8 @@ static void store_fetch(struct p11prov_store_ctx *ctx,
         || login_behavior == PUBKEY_LOGIN_ALWAYS) {
         login = true;
     }
-    if (p11prov_uri_get_class(ctx->parsed_uri) == CKO_PUBLIC_KEY
+    if ((p11prov_uri_get_class(ctx->parsed_uri) == CKO_PUBLIC_KEY
+         || p11prov_uri_get_class(ctx->parsed_uri) == CKO_CERTIFICATE)
         && login_behavior != PUBKEY_LOGIN_ALWAYS) {
         login = false;
     }