Description: Add a pinfile callback handler.
Last-Update: 2012-2-7
Index: gnutls28-3.0.11/lib/pkcs11.c
===================================================================
--- gnutls28-3.0.11.orig/lib/pkcs11.c 2011-11-10 13:11:08.000000000 -0800
+++ gnutls28-3.0.11/lib/pkcs11.c 2012-02-08 04:54:41.641262727 -0800
@@ -807,6 +807,8 @@
 unsigned long count;
 ck_rv_t rv;
+ p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback,
+ NULL, NULL);
 ret = pkcs11_open_session (&module, &pks, info, flags & SESSION_LOGIN);
 if (ret < 0)
 {
@@ -1919,29 +1921,32 @@
 int attempts, ck_user_type_t user_type, struct p11_kit_pin **pin)
 {
 const char *pinfile;
-
+ int result = GNUTLS_E_PKCS11_PIN_ERROR;
 *pin = NULL;
 /* Check if a pinfile is specified, and use that if possible */
 pinfile = p11_kit_uri_get_pinfile (info);
- if (pinfile != NULL)
+
+ if (pinfile != NULL && attempts <= 0)
 {
 _gnutls_debug_log("pk11: Using pinfile to retrieve PIN\n");
- return retrieve_pin_for_pinfile (pinfile, token_info, attempts, user_type, pin);
+ result = retrieve_pin_for_pinfile (pinfile, token_info, attempts, user_type, pin);
 }
 /* The global gnutls pin callback */
- else if (pin_func)
- return retrieve_pin_for_callback (token_info, attempts, user_type, pin);
+ else if (pin_func && result)
+ result = retrieve_pin_for_callback (token_info, attempts, user_type, pin);
 /* Otherwise, PIN entry is necessary for login, so fail if there's
 * no callback. */
 else
 {
- gnutls_assert ();
- _gnutls_debug_log ("pk11: No pin callback but login required.\n");
- return GNUTLS_E_PKCS11_ERROR;
+ if (result) {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: No pin callback but login required.\n");
+ }
 }
+ return result;
 }
 int
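Review bot: In the `@@ -807,6 +807,8 @@` hunk the return value of `p11_kit_pin_register_callback` is discarded, and the call runs on every pass through this function, just before `pkcs11_open_session`, with no matching unregister visible. If p11-kit stores one entry per registration, the process-wide handler list grows with each lookup; registering once during library initialisation and removing the handler at deinit would avoid that. At minimum the result should be checked, e.g. `if (p11_kit_pin_register_callback (P11_KIT_PIN_FALLBACK, p11_kit_pin_file_callback, NULL, NULL) < 0) gnutls_assert ();`. Because the handler is installed as the fallback, the pinfile value of any URI is treated as a path to read, so a comment such as `/* pinfile in a URI is opened as a local file: URIs must come from a trusted source */` belongs here. The enclosing function starts and ends outside the hunk.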
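Review bot: In the `@@ -1919,29 +1921,32 @@` hunk the branches remain a single `if` / `else if` / `else` chain, so `result` still holds its initial `GNUTLS_E_PKCS11_PIN_ERROR` when `else if (pin_func && result)` and `if (result)` are evaluated; both tests are always true, and a failed `retrieve_pin_for_pinfile` never falls through to `pin_func`. If the fallback is intended, the second branch has to become its own statement, `if (result != 0 && pin_func)`; if it is not, the two `result` tests can be dropped. The no-callback path now returns `GNUTLS_E_PKCS11_PIN_ERROR` where it used to return `GNUTLS_E_PKCS11_ERROR`, which callers comparing error codes will notice. The `attempts <= 0` guard presumably keeps a wrong PIN from the file from being resubmitted until the token locks; a comment such as `/* pinfile is tried once only: retrying the same stored PIN would use up the token's retry counter */` would record that. The function's signature begins above the hunk.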