|Reported by:||DJ Lucas||Owned by:||DJ Lucas|
libgnutls: Handle specially HSMs which request explicit authentication.
There are HSMs which return CKR_USER_NOT_LOGGED_IN on the first private key operation. Detect that state and try to login.
libgnutls: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs.
That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag a login will be forced. This improves operation on certain Safenet HSMs.
libgnutls: do not set leading zeros when copying integers on HSMs.
PKCS#11 defines integers as unsigned having most significant byte first, e.g., 32768 = 0x80 0x00. This is interpreted literraly by some HSMs which do not accept an integer with a leading zero. This improves operation with certain Atos HSMs.
libgnutls: Fixed issue discovering certain OCSP signers, and improved the
discovery of OCSP signer in the case where the Subject Public Key identifier field matches. Resolves gitlab issue #223.
gnutls-cli: ensure OCSP responses are saved with --save-ocsp even if
certificate verification fails.
API and ABI modifications: No changes since last version.