Hi, Is this an issue from the CSP -> OpenSC PKCS#11 module ? We are in the process of making updates so it might be a good time for us to address this (if it is not already) You should be able to work around this in a shim pkcs#11 module like pkcs11spy by abstracting C_OpenSession and determining if the P11 module was already closed down and calling C_Initialize again before passing C_OpenSession through.
Thanks, Dave On Jul 13, 2007, at 4:39 PM, Douglas E. Engert wrote: > More info on this. I think it is an ID Ally bug. > > Looking at spy and opensc debug logs, It looks like > the CSP is called when a card is removed sounds reasonable. > > The Id Ally does C_Initialize, C_GetSlotList, > a loop over the 8 slots for C_GetSlotInfo > then a C_Finalize. > > I then logged off and try to login again. > > Rather then another C_Initialize as would be expected > since C_Finalize was called last, Id Ally does a C_OpenSession. > > The way I read PKCS#11 2.01 under C_Finalize it says: > "C_Finalize is called to indicate that an application is finished > with the Cryptoki library." > If IdAlly wants to use the library again, it should call C_Initialize. > > > IdAlly tries some other thinks, and gets back in sync so the next > login works. > > But I would also think OpenSC should give an error if the > C_OpenSession > is called and C_Initialize has not been called. But it is not clear if > Id Ally could get back in sync! > > > kamal kumar wrote: >> Hi, >> Today i tried certificate logon in XP with PIV card. >> As i told you before, first certificate logon after >> reboot succeeded. But the second logon failed. >> I have attached the opensc log files with this. This >> log file contain entries for first successful logon >> and second failed logon. >> Please give your opinion. >> Regards, >> Kamal. >> --- "Douglas E. Engert" <[EMAIL PROTECTED]> wrote: >>> >>> kamal kumar wrote: >>>> Hi all, >>>> I tried certificate logon with "Identity Alliance >>> CSP" >>>> and opensc-pkcs11 module in XP machine. The >>>> certificate logon works fine for the first time. >>> But >>>> if we logoff and again tries to do certificate >>> logon, >>>> the logon fails second time. >>>> >>>> I want to confirm whether it is a issue. >>> Works OK for me. >>> >>>> I analysed the opensc log files. I think following >>> is >>>> the reason for the error. In XP, opensc-pkcs11 >>> module >>>> maintains the pc/sc smartcard connection during >>> the >>>> first certificate logon. And it uses the same >>> pc/sc >>>> connection for the second certificate logon also. >>> But >>>> since we removed and inserted the card in the >>> middle >>>> for getting PIN prompt in winlogon, we are getting >>> the >>>> error. >>> Sounds like the card failed to do an unlock() at >>> some time >>> and so the pcsc connection might still be active. >>> What type/version of IdAlly, OpenSC, card and reader >>> are >>> you using? >>> >>> I am using IdAlly-1.0, SCB-0.8 ( >>> PIV card and pcmcia GemPC card. >>> >>> Note scb-0.8 is based on OpenSC-0.11.2 but the >>> version numbers in the opensc-pkcs11.dll says >>> 0.11.1. >>> >>> >>>> Can any one please tell me whether it is a issue >>> and >>>> Is there any way to solve this. >>>> Regards, >>>> Kamal. >>>> >>>> >>>> >>>> >> _____________________________________________________________________ >> _______________ >>>> Sick sense of humor? Visit Yahoo! TV's Comedy with an Edge to >>>> see what's on, when. http://tv.yahoo.com/collections/222 >>>> _______________________________________________ >>>> opensc-devel mailing list >>>> [email protected] >>>> >> http://www.opensc-project.org/mailman/listinfo/opensc-devel >>>> >>> -- >>> >>> Douglas E. Engert <[EMAIL PROTECTED]> >>> Argonne National Laboratory >>> 9700 South Cass Avenue >>> Argonne, Illinois 60439 >>> (630) 252-5444 >>> >> >> _____________________________________________________________________ >> _______________ >> Get the Yahoo! toolbar and be alerted to new email wherever you're >> surfing. >> http://new.toolbar.yahoo.com/toolbar/features/mail/index.php > > -- > > Douglas E. Engert <[EMAIL PROTECTED]> > Argonne National Laboratory > 9700 South Cass Avenue > Argonne, Illinois 60439 > (630) 252-5444 _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
