Re: Various small changes to OpenSC

Stef Hoeben wrote:
> > > - p15_init.diff:
> > >    - Add sc_pkcs15init_auth_by_fci() for authentication based on the
> > >       card's real ACLs instead of the ones from the profile files.
> >
> >
> >
> > where is this function needed ? anyway I don't think it's good idea
> > to introduce a new function to do something another function should
> > already do.
>
>
> It's an alternative to sc_pkcs15_authenticate(). The limitation with
> that function is that it gets the ACs from the profile file, instead of
> from the real card. So if you have a card that wasn't made with
> pkcs15-init, or you changed the profile file afterwards, the function
> may fail.

I think it would be better to let sc_pkcs15init_authenticate use real
ACs if the are available. The only problem is that some card don't tell
us the ACs => the current profile based approach. What about a new card
capability for that and sc_pkcs15init_authenticate uses the real AC if
the card can tell us the ACs.

> > >    - move the init_card() call after the code that sets the pin stuff
> >
> >
> >
> > any reason for that ? I ask because it might be possible that driver
> > needs to access the card in order to get an id for the so-pin, but it
> > can't really access the card before it has been initialized.
>
>
> Hm, perhaps it might be a problem for starcos.

no it's not. at least not now

> So indeed better to play safe and keep it as it is.
> The reason is that a new SetCOS 4.4 doesn't come with a MF,
> so we create one in init_card(), protected with AC's depending on
> the SO pin. I'll try change it.

ok, understand (yet another problem with the new style api). Commit
this change but please add a note why.

Nils