On Wed, Feb 03, 2010 at 12:04:11PM +0200, Martin Paljak wrote:
> On Feb 3, 2010, at 11:15, Christian Horn wrote:
> >
> > I use strongswan on top of opensc to authenticate to firewalls for
> > vpn-connections.
> > All strongswan-versions have problems using opensc-pkcs11.so of opensc
> > after rev3784 to authenticate with the firewall.
> > opensc 0.11.12 also doesn't work.
> >
> Please provide pkcs11-tool -L with a functioning and non-functioning pkcs11
> module.

Attached. The output is the same for working and non-working opensc.

> The logic how objects are grouped together has changed but this
> should not affect the end result.

I suspect it does: if I do an 'ipsec listcerts' then the calls differ
between working/nonworking opensc under it.
The difference is that with the nonworking opensc openswan is listing
2 more certs with subjects like "C=DE, ND=1, CN=NKS ...".
This looks like the machine-generated certs to me; with strongswan
presenting this to the firewall, it makes sense that I cannot authorize
properly.

> How does strongswan look for the keys it wants to use?
> With certificate subjects?

No, one can just refer to 'slots' or ids; '%smartcard:46' is what I use,
'%smartcard#1' is the same in my case. That syntax here also only
works with rev3784.

Christian

Available slots:
Slot 0           O2 Micro Oz776 00 00
  token label:   NetKey Card (PIN)
  token manuf:   TeleSec GmbH
  token model:   PKCS#15 emulated
  token flags:   readonly, login required, PIN initialized, token initialized
  serial num  :  9017230002457244
Slot 1           O2 Micro Oz776 00 00
  token label:   NetKey Card (NetKey PIN0)
  token manuf:   TeleSec GmbH
  token model:   PKCS#15 emulated
  token flags:   readonly, login required, PIN initialized, token initialized
  serial num  :  9017230002457244
Slot 2           O2 Micro Oz776 00 00
  token label:   NetKey Card (NetKey PIN1)
  token manuf:   TeleSec GmbH
  token model:   PKCS#15 emulated
  token flags:   readonly, login required, PIN initialized, token initialized
  serial num  :  9017230002457244
Slot 3           O2 Micro Oz776 00 00
  token label:   NetKey Card (SigG PIN)
  token manuf:   TeleSec GmbH
  token model:   PKCS#15 emulated
  token flags:   readonly, login required, PIN initialized, token initialized
  serial num  :  9017230002457244
Slot 4           (empty)
Slot 5           (empty)
Slot 6           (empty)
Slot 7           (empty)
Slot 8           (empty)
Slot 9           (empty)
Slot 10          (empty)
Slot 11          (empty)
Slot 12          (empty)
Slot 13          (empty)
Slot 14          (empty)
Slot 15          (empty)
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel