@@ -4078,10 +4078,11 @@
 CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(CK_VOID_PTR pInitArgs) {
 CK_C_INITIALIZE_ARGS CK_PTR args;
 uint32_t idx, highest_slot;
 int mutex_init_ret;
+ int include_dod_certs;
 CACKEY_DEBUG_PRINTF("Called.");
 if (cackey_initialized) {
 CACKEY_DEBUG_PRINTF("Error. Already initialized.");
@@ -4121,11 +4122,25 @@
 cackey_slots[idx].token_flags = 0;
 cackey_slots[idx].label = NULL;
 cackey_slots[idx].internal = 0;
 }
+#ifdef CACKEY_NO_EXTRA_CERTS
+ if (getenv("CACKEY_EXTRA_CERTS") != NULL) {
+ include_dod_certs = 1;
+ } else {
+ include_dod_certs = 0;
+ }
+#else
 if (getenv("CACKEY_NO_EXTRA_CERTS") != NULL) {
+ include_dod_certs = 0;
+ } else {
+ include_dod_certs = 1;
+ }
+#endif
+
+ if (include_dod_certs == 0) {
 CACKEY_DEBUG_PRINTF("Asked not to include DoD certificates");
 } else {
 highest_slot = (sizeof(cackey_slots) / sizeof(cackey_slots[0])) - 1;
 CACKEY_DEBUG_PRINTF("Including DoD certs in slot %lu", (unsigned long) highest_slot);
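Review bot: In the second hunk's `#ifdef CACKEY_NO_EXTRA_CERTS` branch, a build configured to leave out the DoD certificates can have them turned back on by whoever controls the process environment, and both branches test only for presence, so `CACKEY_EXTRA_CERTS=0` still enables them. A PKCS#11 module is loaded into whatever application requests it, so if any of those run set-id or otherwise privileged, reading the switch with `secure_getenv()` where the platform provides it would keep an untrusted environment from changing which certificates the module exposes; whether the host application treats that slot as trust anchors is not visible here. I would also add a comment above the block such as `/* Only the presence of the variable is tested; its value is ignored. */`, and note that the message "Asked not to include DoD certificates" is now also printed when exclusion is merely the compile-time default rather than a request. The `else` block that fills the slot continues past the end of the hunk.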