Hi,
i use strongswan ontop of opensc to authenticate to firewalls for vpn- connections. All strongswan-versions have problems using opensc-pkcs11.so of opensc after rev3784 to authenticate with the firewall. opensc 0.11.12 also doesnt work. Installing rev3784 i can establish the connection, with rev3785 not. With that commit 25 files were changed, the problem came in with patching the three files in src/pkcs11/ directory. Apparently strongswan is using a different cert with rev3785. 'pkcs15-tool -c' shows same results with rev3784 and rev3785. for i in 45 46 47 49; do pkcs15-tool -r $i|openssl x509 -noout -subject; done outputs the same subjects with both revisions. Setting 'debug = 10' i see rev3785 apparently hands out other certs than rev3784. We already had such problems in the past, they were fixed with newer opensc and still fixed for pkcs15-tool, but appeared now with opensc-pkcs11.so . The card used is netkey, tcos. In first step of production private-keys and certs are stored on it, with a later step personalized (persons name appears in subject) certs are written onto the card. opensc-pkcs11.so is as i see it now handing out the first cert. Any suggestions? I could look into just changing the 'paths' to the certs for netkey-cards, but thats just a hack. Just using 0.11.9 for now renders everything working, but thats no longterm solution.. Christian _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel