pkcs11_errstrings and raw error codes
Mark Phalan
Mark.Phalan at Sun.COM
Mon Sep 22 10:48:40 EDT 2008
As part of porting the pkinit plugin to OpenSolaris/Solaris I tried to
improve the error reporting in a number of places. The pkiDebug() macro
prints lots of useful information when debugging but without DEBUG
defined pkinit is less than helpful when things go wrong.
There are a number of places where pkiDebug() uses
pkinit_pkcs11_code_to_text() to convert pkcs11 error strings to a human
readable error message. This function uses a lookup table with error
code / string pairs. The error codes used are simply the raw error
number (eg. 0xa2). Any reason why the standard defined error codes (eg.
CKR_PIN_INVALID) weren't used?
-Mark
More information about the krbdev
mailing list