Hi,

On Mon, Nov 08, 2021 at 02:45:53PM +1000, Stuart Longland via Gnupg-users wrote:
> The HTTP request I need to perform is this one:
> https://www.vaultproject.io/docs/auth/cert#via-the-api
>
> I tried using Firefox, it can see the certificate presented by `scute`,
> but it seems Vault isn't designed to authenticate clients that way as
> best I can tell.

As long as the server allows certificate-based client authentication, it shouldn’t matter to the server that you are using Scute (or any other way to store your certificate) at your end.

However, usage of Scute + Firefox seems broken with TLS 1.3. In my case, it works perfectly fine if I force Firefox to use TLS 1.2 (security.tls.version.max = 3 in about:config), but systematically fails when TLS 1.3 is enabled.

I am not sure about the root cause of the failure with TLS 1.3, or even if the root cause is in Scute itself or in Firefox.

Could you try temporarily disabling TLS 1.3 and try again? If it works with TLS 1.2 only, this would suggest you are running into the same problem as me.


> If I try doing the same with `scute`, I get nothing:
>
> $ p11tool --provider=/usr/lib64/pkcs11/scute.so --list-tokens
>
> Consequently, I have no idea what hardware token URI to supply to
> `curl` when authenticating.
>
> Is there some trick needed to get `scute` to tell me what tokens are
> present or how to find out what the URL of my private key is?

I would need to look at how p11tool is generating its output, but I suspect it may be using some PKCS#11 functions that Scute does not currently implement.

- Damien
