@@ -3528,11 +3528,11 @@ static struct cackey_identity *cackey_read_identities(struct cackey_slot *slot, unsigned long *ids_found) { struct cackey_pcsc_identity *pcsc_identities; struct cackey_identity *identities; unsigned long num_ids, id_idx, curr_id_type; unsigned long num_certs, num_dod_certs, cert_idx; - int include_extra_certs = 0; + int include_extra_certs = 0, include_dod_certs; CACKEY_DEBUG_PRINTF("Called."); if (ids_found == NULL) { CACKEY_DEBUG_PRINTF("Error. ids_found is NULL"); @@ -3550,14 +3550,28 @@ if (getenv("CACKEY_NO_DOD_CERTS_ON_HW_SLOTS") != NULL) { include_extra_certs = 0; } +#ifdef CACKEY_NO_EXTRA_CERTS + if (getenv("CACKEY_EXTRA_CERTS") != NULL) { + include_dod_certs = 1; + } else { + include_dod_certs = 0; + } +#else if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) { - num_dod_certs = 0; + include_dod_certs = 0; } else { + include_dod_certs = 1; + } +#endif + + if (include_dod_certs) { num_dod_certs = sizeof(extra_certs) / sizeof(extra_certs[0]); + } else { + num_dod_certs = 0; } if (slot->internal) { num_ids = cackey_read_dod_identities(NULL, num_dod_certs);