Hi,
I use strongswan on top of opensc to authenticate to firewalls for VPN
connections.
All strongswan-versions have problems using opensc-pkcs11.so of opensc
after rev3784 to authenticate with the firewall.
opensc 0.11.12 also doesn't work.
With rev3784 installed I can establish the connection, with rev3785 I cannot.
With that commit 25 files were changed; the problem came in with patching
the three files in the src/pkcs11/ directory.
Apparently strongswan is using a different cert with rev3785.
'pkcs15-tool -c' shows same results with rev3784 and rev3785.

    for i in 45 46 47 49; do
        pkcs15-tool -r $i | openssl x509 -noout -subject
    done

outputs the same subjects with both revisions.
Setting 'debug = 10' I see rev3785 apparently hands out other certs than
rev3784.
We already had such problems in the past; they were fixed with newer
opensc and are still fixed for pkcs15-tool, but have now appeared with
opensc-pkcs11.so.
The card used is netkey, tcos. In the first step of production private keys
and certs are stored on it; in a later step personalized (person's name
appears in subject) certs are written onto the card. opensc-pkcs11.so
is, as I see it, now handing out the first cert.
Any suggestions?
I could look into just changing the 'paths' to the certs for netkey cards,
but that's just a hack. Just using 0.11.9 for now renders everything working,
but that's no long-term solution.
Christian