{
CK_BBOOL modifiablev = CK_TRUE;
CK_ATTRIBUTE *attrs;
+ CK_ATTRIBUTE *attr;
p11_array *objects;
bool ret;
int i;
ret = p11_persist_read (parser->persist, parser->basename, data, length, objects);
if (ret) {
for (i = 0; i < objects->num; i++) {
- attrs = p11_attrs_build (objects->elem[i], &modifiable, NULL);
+ /* By default, we mark objects read from a persist
+ * file as modifiable, as the persist format is
+ * writable. However, if CKA_MODIFIABLE is explictly
+ * set in the file, respect the setting. */
+ attrs = objects->elem[i];
+ attr = p11_attrs_find_valid (objects->elem[i], CKA_MODIFIABLE);
+ if (!attr)
+ attrs = p11_attrs_build (attrs, &modifiable, NULL);
sink_object (parser, attrs);
}
}
{ CKA_CLASS, &certificate, sizeof (certificate) },
{ CKA_VALUE, (void *)verisign_v1_ca, sizeof (verisign_v1_ca) },
{ CKA_TRUSTED, &truev, sizeof (truev) },
+ { CKA_MODIFIABLE, &falsev, sizeof (falsev) },
{ CKA_X_DISTRUSTED, &falsev, sizeof (falsev) },
{ CKA_INVALID },
};
projects / p11-kit / commitdiff