Hello,

2011/8/11 Jonatan Åkerlind <jonatan.akerl...@sgsstudentbostader.se>:
> We have a setup using the Aladdin eToken PRO USB device for certificate
> storage using opensc/openct to interface it with openvpn. Works fine but
> with pkcs11-helper 1.08 we need to enter the PIN code twice at openvpn
> startup and then once at each renegotiation. Confirmed with various
> versions of openvpn (2.1.4/2.2.1), opensc (0.11.13, 0.12.1) and openct
> (0.6.20), common thing is that it works with pkcs11-helper 1.07 (the PIN
> caching seems ok and only asks for the pin code once at startup and no
> more) but with pkcs11-helper 1.08 the PIN caching does not work.
>
> Attached is a log from openvpn with verbosity 99 (gives a lot of info)
> using pkcs11-helper 1.08. It contains the startup and a couple of
> renegotiations filtered to only include lines with pkcs in them.

This might be relevant:

PKCS#11: __pkcs11h_certificate_doPrivateOperation entry
certificate=0x72ebb0, op=0, mech_type=1, source=0x7fff40fa3be0,
              source_size=0000000000000024, target=0x757936,
*p_target_size=0000000000000024

The target size is the same as the input size, which makes one of the
operations fail with CKR_BUFFER_TOO_SMALL and will trigger another
try, which will mean another PIN entry. Probably something else is
fishy as well.
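The buffer-size behaviour described in the message above, as an added example that is not part of the original post and is not pkcs11-helper code: a constructed mock signer follows the PKCS#11 output-length convention, and an assumed retry wrapper counts one PIN prompt per attempt. mock_sign, sign_with_retry, prompts_for_initial_size and the 128-byte signature length are hypothetical; only the two return-code values are taken from PKCS#11.

```c
#include <stdio.h>
#include <string.h>

/* Return codes with the values PKCS#11 assigns them. */
#define CKR_OK               0x000UL
#define CKR_BUFFER_TOO_SMALL 0x150UL
#define MOCK_SIG_LEN 128   /* constructed: signature length of a 1024-bit RSA key */

static int pin_prompts;    /* how many times the model asked for the PIN */

/* Hypothetical stand-in for a token's sign call. It follows the PKCS#11
 * output-length convention: sig == NULL only reports the needed size; a
 * short buffer fails with CKR_BUFFER_TOO_SMALL and also reports it. */
static unsigned long mock_sign(const unsigned char *in, size_t in_len,
                               unsigned char *sig, size_t *sig_len)
{
    (void)in; (void)in_len;
    if (sig == NULL) { *sig_len = MOCK_SIG_LEN; return CKR_OK; }
    if (*sig_len < MOCK_SIG_LEN) { *sig_len = MOCK_SIG_LEN; return CKR_BUFFER_TOO_SMALL; }
    memset(sig, 0xAA, MOCK_SIG_LEN);   /* placeholder signature bytes */
    *sig_len = MOCK_SIG_LEN;
    return CKR_OK;
}

/* Assumed retry model taken from the message: every attempt starts with a
 * PIN prompt, and a failed attempt is retried once with the reported size. */
static unsigned long sign_with_retry(const unsigned char *in, size_t in_len,
                                     unsigned char *sig, size_t *sig_len)
{
    unsigned long rv = CKR_BUFFER_TOO_SMALL;
    for (int attempt = 0; attempt < 2 && rv != CKR_OK; attempt++) {
        pin_prompts++;                 /* models one PIN entry */
        rv = mock_sign(in, in_len, sig, sig_len);
    }
    return rv;
}

/* PIN prompts needed to sign a 0x24-byte input when *sig_len starts at
 * `initial`; initial == 0 means "query the required size first". */
int prompts_for_initial_size(size_t initial)
{
    unsigned char in[0x24] = {0}, sig[256];
    size_t len = initial;
    pin_prompts = 0;
    if (initial == 0 && mock_sign(in, sizeof in, NULL, &len) != CKR_OK) return -1;
    return sign_with_retry(in, sizeof in, sig, &len) == CKR_OK ? pin_prompts : -1;
}

int main(void) { printf("%d %d\n", prompts_for_initial_size(0x24), prompts_for_initial_size(0)); return 0; }
```

In this model, starting with a target size equal to the 0x24-byte input costs two prompts, while querying the length first costs one.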