Kamil Dudka wrote:
> Rob, any objections?
>
> Kamil
>
>
> ---------- Forwarded Message ----------
>
> Subject: Re: issues with pre-login to pkcs11 slots when using NSS
> Date: Wednesday 15 of July 2009
> From: Claes Jakobsson <claes_at_versed.se>
> To: Kamil Dudka <kdudka_at_redhat.com>
>
> On Jul 14, 2009, at 3:20 PM, Kamil Dudka wrote:
>> These warnings were introduced by me. It is fixed in the attached
>> patch.
>
> No warnings now with your latest revision of the patch so I think it's
> good for integration now if that's ok with Daniel and Rob.
>
> /Claes
>
> -------------------------------------------------------

It generally looks ok, I just saw a couple of things:

- line 818 prints an error that nickname wasn't specified but includes
nickname in the argument list.
- you should probably verify earlier that pRetKey is returned by
NSS_GetClientAuthData(). Why display the cert info if there isn't a key?
- I'm not sure why you are getting the certificate nickname you are in
this block:

   nickname = (*pRetCert)->nickname;
   if (NULL == nickname)
     nickname = "[unknown]";

Why not just use the nickname that the user provided (or show both)?

Otherwise it looks ok, sorry it took me so long to review.

rob