Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 560

This issue doesn't manifest if C_Login() fails with the wrong PIN, 
because that failure will be remembered in the identity_prompt_retval 
field of the pkinit_req_context structure, and pkinit_client_process() 
on the draft9 padata type will give up before prompting again.  This 
makes it hard to reproduce the issue in t_pkinit.py using soft-pkcs11.

In the failing scenario, C_Login() succeeds, but C_Sign() later fails.  
I'm not quite sure what the draft9 code path is that results in another 
prompt, since identity_prompted should be true at that point.