From 15bb67bac7fb773e7e6ec8169f571ac02358c9a8 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Apr 06 2023 19:11:13 +0000
Subject: Don't restrict tokens to CKM_RSA_X_509


This mechanism is raw RSA and too specific for other tokens.

Instead return all tokens and let the user determine whether it
is fit for purpose.

Fixes: https://pagure.io/certmonger/issue/260

Signed-off-by: Rob Crittenden <rcritten@redhat.com>

---

diff --git a/src/certsave-n.c b/src/certsave-n.c
index 2b4167a..0401822 100644
--- a/src/certsave-n.c
+++ b/src/certsave-n.c
@@ -282,7 +282,7 @@ cm_certsave_n_main(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry,
 			_exit(CM_CERTSAVE_STATUS_INTERNAL_ERROR);
 		}
 		/* Find the tokens that we might use for cert storage. */
-		mech = CKM_RSA_X_509;
+		mech = CKM_INVALID_MECHANISM;
 		slotlist = PK11_GetAllTokens(mech, PR_FALSE, PR_FALSE, NULL);
 		if (slotlist == NULL) {
 			cm_log(1, "Error getting list of tokens.\n");