Hello All,
Currently I am having troubles to get the latest build (32bit) of prebuild OpenVPN/OpenSC/OpenSSL to work alltogether. These are found here: http://www.opensc-project.org/files/build.old/ (btw the link to the "builds" if any newer shall be available from this page is corrupt: http://www.opensc-project.org/opensc/wiki/build). When I use the 009 build then every thing is fine. However I'd like to use the latest version, and Alon had a few month ago made a newer build which I could not test until now. When trying the build 010 OpenVPN fails to connect. I get asked twice for PIN before it does something and then fails to connect and tries again/ask for PIN. By the way here: http://sites.google.com/site/alonbarlev/openssh-pkcs11 I found some info about PKCS11 and OpenSSL don't know if it may be related... Regards, PR Here is the OpenVPN log (did not find any OpenSC/OpenSSL log...?!): Sat Sep 24 14:52:10 2011 us=515000 Current Parameter Settings: Sat Sep 24 14:52:10 2011 us=515000 config = 'C:Program FilesOpenVPNshareopenvpn-win32configConfig.ovpn' Sat Sep 24 14:52:10 2011 us=515000 mode = 0 Sat Sep 24 14:52:10 2011 us=515000 show_ciphers = DISABLED Sat Sep 24 14:52:10 2011 us=515000 show_digests = DISABLED Sat Sep 24 14:52:10 2011 us=515000 show_engines = DISABLED Sat Sep 24 14:52:10 2011 us=515000 genkey = DISABLED Sat Sep 24 14:52:10 2011 us=515000 key_pass_file = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 show_tls_ciphers = DISABLED Sat Sep 24 14:52:10 2011 us=515000 Connection profiles [default]: Sat Sep 24 14:52:10 2011 us=515000 proto = udp Sat Sep 24 14:52:10 2011 us=515000 local = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 local_port = 0 Sat Sep 24 14:52:10 2011 us=515000 remote = 'vpn.reebs.org' Sat Sep 24 14:52:10 2011 us=515000 remote_port = 1194 Sat Sep 24 14:52:10 2011 us=515000 remote_float = ENABLED Sat Sep 24 14:52:10 2011 us=515000 bind_defined = DISABLED Sat Sep 24 14:52:10 2011 us=515000 bind_local = DISABLED Sat Sep 24 14:52:10 2011 us=515000 connect_retry_seconds = 5 Sat Sep 24 14:52:10 2011 us=515000 connect_timeout = 10 Sat Sep 24 14:52:10 2011 us=515000 connect_retry_max = 0 Sat Sep 24 14:52:10 2011 us=515000 socks_proxy_server = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 socks_proxy_port = 0 Sat Sep 24 14:52:10 2011 us=515000 socks_proxy_retry = DISABLED Sat Sep 24 14:52:10 2011 us=515000 Connection profiles END Sat Sep 24 14:52:10 2011 us=515000 remote_random = DISABLED Sat Sep 24 14:52:10 2011 us=515000 ipchange = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 dev = 'tap' Sat Sep 24 14:52:10 2011 us=515000 dev_type = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 dev_node = 'OpenVPN' Sat Sep 24 14:52:10 2011 us=515000 lladdr = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 topology = 1 Sat Sep 24 14:52:10 2011 us=515000 tun_ipv6 = DISABLED Sat Sep 24 14:52:10 2011 us=515000 ifconfig_local = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 ifconfig_remote_netmask = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 ifconfig_noexec = DISABLED Sat Sep 24 14:52:10 2011 us=515000 ifconfig_nowarn = DISABLED Sat Sep 24 14:52:10 2011 us=515000 shaper = 0 Sat Sep 24 14:52:10 2011 us=515000 tun_mtu = 1500 Sat Sep 24 14:52:10 2011 us=515000 tun_mtu_defined = ENABLED Sat Sep 24 14:52:10 2011 us=515000 link_mtu = 1500 Sat Sep 24 14:52:10 2011 us=515000 link_mtu_defined = DISABLED Sat Sep 24 14:52:10 2011 us=515000 tun_mtu_extra = 32 Sat Sep 24 14:52:10 2011 us=515000 tun_mtu_extra_defined = ENABLED Sat Sep 24 14:52:10 2011 us=515000 fragment = 0 Sat Sep 24 14:52:10 2011 us=515000 mtu_discover_type = -1 Sat Sep 24 14:52:10 2011 us=515000 mtu_test = 0 Sat Sep 24 14:52:10 2011 us=515000 mlock = DISABLED Sat Sep 24 14:52:10 2011 us=515000 keepalive_ping = 0 Sat Sep 24 14:52:10 2011 us=515000 keepalive_timeout = 0 Sat Sep 24 14:52:10 2011 us=515000 inactivity_timeout = 0 Sat Sep 24 14:52:10 2011 us=515000 ping_send_timeout = 0 Sat Sep 24 14:52:10 2011 us=515000 ping_rec_timeout = 0 Sat Sep 24 14:52:10 2011 us=515000 ping_rec_timeout_action = 0 Sat Sep 24 14:52:10 2011 us=515000 ping_timer_remote = DISABLED Sat Sep 24 14:52:10 2011 us=515000 remap_sigusr1 = 0 Sat Sep 24 14:52:10 2011 us=515000 explicit_exit_notification = 0 Sat Sep 24 14:52:10 2011 us=515000 persist_tun = ENABLED Sat Sep 24 14:52:10 2011 us=515000 persist_local_ip = DISABLED Sat Sep 24 14:52:10 2011 us=515000 persist_remote_ip = DISABLED Sat Sep 24 14:52:10 2011 us=515000 persist_key = ENABLED Sat Sep 24 14:52:10 2011 us=515000 mssfix = 1450 Sat Sep 24 14:52:10 2011 us=515000 resolve_retry_seconds = 1000000000 Sat Sep 24 14:52:10 2011 us=515000 username = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 groupname = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 chroot_dir = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 cd_dir = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 writepid = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 up_script = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 down_script = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 down_pre = DISABLED Sat Sep 24 14:52:10 2011 us=515000 up_restart = DISABLED Sat Sep 24 14:52:10 2011 us=515000 up_delay = DISABLED Sat Sep 24 14:52:10 2011 us=515000 daemon = DISABLED Sat Sep 24 14:52:10 2011 us=515000 inetd = 0 Sat Sep 24 14:52:10 2011 us=515000 log = ENABLED Sat Sep 24 14:52:10 2011 us=515000 suppress_timestamps = DISABLED Sat Sep 24 14:52:10 2011 us=515000 nice = 0 Sat Sep 24 14:52:10 2011 us=515000 verbosity = 4 Sat Sep 24 14:52:10 2011 us=515000 mute = 0 Sat Sep 24 14:52:10 2011 us=515000 gremlin = 0 Sat Sep 24 14:52:10 2011 us=515000 status_file = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 status_file_version = 1 Sat Sep 24 14:52:10 2011 us=515000 status_file_update_freq = 60 Sat Sep 24 14:52:10 2011 us=515000 occ = ENABLED Sat Sep 24 14:52:10 2011 us=515000 rcvbuf = 0 Sat Sep 24 14:52:10 2011 us=515000 sndbuf = 0 Sat Sep 24 14:52:10 2011 us=515000 sockflags = 0 Sat Sep 24 14:52:10 2011 us=515000 fast_io = DISABLED Sat Sep 24 14:52:10 2011 us=515000 lzo = 7 Sat Sep 24 14:52:10 2011 us=515000 route_script = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 route_default_gateway = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 route_default_metric = 0 Sat Sep 24 14:52:10 2011 us=515000 route_noexec = DISABLED Sat Sep 24 14:52:10 2011 us=515000 route_delay = 5 Sat Sep 24 14:52:10 2011 us=515000 route_delay_window = 30 Sat Sep 24 14:52:10 2011 us=515000 route_delay_defined = ENABLED Sat Sep 24 14:52:10 2011 us=515000 route_nopull = DISABLED Sat Sep 24 14:52:10 2011 us=515000 route_gateway_via_dhcp = DISABLED Sat Sep 24 14:52:10 2011 us=515000 max_routes = 100 Sat Sep 24 14:52:10 2011 us=515000 allow_pull_fqdn = DISABLED Sat Sep 24 14:52:10 2011 us=515000 management_addr = '127.0.0.1' Sat Sep 24 14:52:10 2011 us=515000 management_port = 11196 Sat Sep 24 14:52:10 2011 us=515000 management_user_pass = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 management_log_history_cache = 250 Sat Sep 24 14:52:10 2011 us=515000 management_echo_buffer_size = 100 Sat Sep 24 14:52:10 2011 us=515000 management_write_peer_info_file = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 management_client_user = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 management_client_group = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 management_flags = 30 Sat Sep 24 14:52:10 2011 us=515000 shared_secret_file = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 key_direction = 2 Sat Sep 24 14:52:10 2011 us=515000 ciphername_defined = ENABLED Sat Sep 24 14:52:10 2011 us=515000 ciphername = 'AES-256-CBC' Sat Sep 24 14:52:10 2011 us=515000 authname_defined = ENABLED Sat Sep 24 14:52:10 2011 us=515000 authname = 'SHA' Sat Sep 24 14:52:10 2011 us=515000 prng_hash = 'SHA1' Sat Sep 24 14:52:10 2011 us=515000 prng_nonce_secret_len = 16 Sat Sep 24 14:52:10 2011 us=515000 keysize = 0 Sat Sep 24 14:52:10 2011 us=515000 engine = DISABLED Sat Sep 24 14:52:10 2011 us=515000 replay = ENABLED Sat Sep 24 14:52:10 2011 us=515000 mute_replay_warnings = ENABLED Sat Sep 24 14:52:10 2011 us=515000 replay_window = 64 Sat Sep 24 14:52:10 2011 us=515000 replay_time = 15 Sat Sep 24 14:52:10 2011 us=515000 packet_id_file = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 use_iv = ENABLED Sat Sep 24 14:52:10 2011 us=515000 test_crypto = DISABLED Sat Sep 24 14:52:10 2011 us=515000 tls_server = DISABLED Sat Sep 24 14:52:10 2011 us=515000 tls_client = ENABLED Sat Sep 24 14:52:10 2011 us=515000 key_method = 2 Sat Sep 24 14:52:10 2011 us=515000 ca_file = 'ca.crt' Sat Sep 24 14:52:10 2011 us=515000 ca_path = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 dh_file = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 cert_file = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 priv_key_file = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 pkcs12_file = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 cryptoapi_cert = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 cipher_list = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 tls_verify = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 tls_export_cert = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 tls_remote = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 crl_file = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 ns_cert_type = 0 Sat Sep 24 14:52:10 2011 us=515000 remote_cert_ku[i] = 160 Sat Sep 24 14:52:10 2011 us=515000 remote_cert_ku[i] = 136 Sat Sep 24 14:52:10 2011 us=515000 remote_cert_ku[i] = 0 Sat Sep 24 14:52:10 2011 us=515000 remote_cert_ku[i] = 0 Sat Sep 24 14:52:10 2011 us=515000 remote_cert_ku[i] = 0 Sat Sep 24 14:52:10 2011 us=515000 remote_cert_eku = 'TLS Web Server Authentication' Sat Sep 24 14:52:10 2011 us=515000 tls_timeout = 2 Sat Sep 24 14:52:10 2011 us=515000 renegotiate_bytes = 0 Sat Sep 24 14:52:10 2011 us=515000 renegotiate_packets = 0 Sat Sep 24 14:52:10 2011 us=515000 renegotiate_seconds = 3600 Sat Sep 24 14:52:10 2011 us=515000 handshake_window = 60 Sat Sep 24 14:52:10 2011 us=515000 transition_window = 3600 Sat Sep 24 14:52:10 2011 us=515000 single_session = DISABLED Sat Sep 24 14:52:10 2011 us=515000 push_peer_info = DISABLED Sat Sep 24 14:52:10 2011 us=515000 tls_exit = DISABLED Sat Sep 24 14:52:10 2011 us=515000 tls_auth_file = 'ta.key' Sat Sep 24 14:52:10 2011 us=515000 pkcs11_providers = C:Program FilesOpenVPNbinopensc-pkcs11.dll Sat Sep 24 14:52:10 2011 us=515000 pkcs11_protected_authentication = DISABLED Sat Sep 24 14:52:10 2011 us=515000 pkcs11_protected_authentication = DISABLED Sat Sep 24 14:52:10 2011 us=515000 pkcs11_private_mode = 00000000 Sat Sep 24 14:52:10 2011 us=515000 pkcs11_private_mode = 00000000 Sat Sep 24 14:52:10 2011 us=515000 pkcs11_cert_private = DISABLED Sat Sep 24 14:52:10 2011 us=515000 pkcs11_cert_private = DISABLED Sat Sep 24 14:52:10 2011 us=515000 pkcs11_pin_cache_period = -1 Sat Sep 24 14:52:10 2011 us=515000 pkcs11_id = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 pkcs11_id_management = ENABLED Sat Sep 24 14:52:10 2011 us=515000 server_network = 0.0.0.0 Sat Sep 24 14:52:10 2011 us=515000 server_netmask = 0.0.0.0 Sat Sep 24 14:52:10 2011 us=515000 server_bridge_ip = 0.0.0.0 Sat Sep 24 14:52:10 2011 us=515000 server_bridge_netmask = 0.0.0.0 Sat Sep 24 14:52:10 2011 us=515000 server_bridge_pool_start = 0.0.0.0 Sat Sep 24 14:52:10 2011 us=515000 server_bridge_pool_end = 0.0.0.0 Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_defined = DISABLED Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_start = 0.0.0.0 Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_end = 0.0.0.0 Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_netmask = 0.0.0.0 Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_persist_filename = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 ifconfig_pool_persist_refresh_freq = 600 Sat Sep 24 14:52:10 2011 us=515000 n_bcast_buf = 256 Sat Sep 24 14:52:10 2011 us=515000 tcp_queue_limit = 64 Sat Sep 24 14:52:10 2011 us=515000 real_hash_size = 256 Sat Sep 24 14:52:10 2011 us=515000 virtual_hash_size = 256 Sat Sep 24 14:52:10 2011 us=515000 client_connect_script = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 learn_address_script = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 client_disconnect_script = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 client_config_dir = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 ccd_exclusive = DISABLED Sat Sep 24 14:52:10 2011 us=515000 tmp_dir = 'C:DOCUME~1reeb000pLOCALS~1Temp' Sat Sep 24 14:52:10 2011 us=515000 push_ifconfig_defined = DISABLED Sat Sep 24 14:52:10 2011 us=515000 push_ifconfig_local = 0.0.0.0 Sat Sep 24 14:52:10 2011 us=515000 push_ifconfig_remote_netmask = 0.0.0.0 Sat Sep 24 14:52:10 2011 us=515000 enable_c2c = DISABLED Sat Sep 24 14:52:10 2011 us=515000 duplicate_cn = DISABLED Sat Sep 24 14:52:10 2011 us=515000 cf_max = 0 Sat Sep 24 14:52:10 2011 us=515000 cf_per = 0 Sat Sep 24 14:52:10 2011 us=515000 max_clients = 1024 Sat Sep 24 14:52:10 2011 us=515000 max_routes_per_client = 256 Sat Sep 24 14:52:10 2011 us=515000 auth_user_pass_verify_script = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 auth_user_pass_verify_script_via_file = DISABLED Sat Sep 24 14:52:10 2011 us=515000 ssl_flags = 0 Sat Sep 24 14:52:10 2011 us=515000 client = ENABLED Sat Sep 24 14:52:10 2011 us=515000 pull = ENABLED Sat Sep 24 14:52:10 2011 us=515000 auth_user_pass_file = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 show_net_up = DISABLED Sat Sep 24 14:52:10 2011 us=515000 route_method = 0 Sat Sep 24 14:52:10 2011 us=515000 ip_win32_defined = DISABLED Sat Sep 24 14:52:10 2011 us=515000 ip_win32_type = 3 Sat Sep 24 14:52:10 2011 us=515000 dhcp_masq_offset = 0 Sat Sep 24 14:52:10 2011 us=515000 dhcp_lease_time = 31536000 Sat Sep 24 14:52:10 2011 us=515000 tap_sleep = 0 Sat Sep 24 14:52:10 2011 us=515000 dhcp_options = DISABLED Sat Sep 24 14:52:10 2011 us=515000 dhcp_renew = DISABLED Sat Sep 24 14:52:10 2011 us=515000 dhcp_pre_release = DISABLED Sat Sep 24 14:52:10 2011 us=515000 dhcp_release = DISABLED Sat Sep 24 14:52:10 2011 us=515000 domain = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 netbios_scope = '[UNDEF]' Sat Sep 24 14:52:10 2011 us=515000 netbios_node_type = 0 Sat Sep 24 14:52:10 2011 us=515000 disable_nbt = DISABLED Sat Sep 24 14:52:10 2011 us=515000 OpenVPN 2.2.1 i686-w64-mingw32 [SSL] [LZO2] [PKCS11] built on Jul 13 2011 Sat Sep 24 14:52:10 2011 us=562000 MANAGEMENT: TCP Socket listening on 127.0.0.1:11196 Sat Sep 24 14:52:10 2011 us=562000 Need hold release from management interface, waiting... Sat Sep 24 14:52:11 2011 us=93000 MANAGEMENT: Client connected from 127.0.0.1:11196 Sat Sep 24 14:52:11 2011 us=93000 MANAGEMENT: CMD 'log on all' Sat Sep 24 14:52:11 2011 us=656000 MANAGEMENT: CMD 'state on' Sat Sep 24 14:52:11 2011 us=671000 MANAGEMENT: CMD 'hold release' Sat Sep 24 14:52:11 2011 us=718000 PKCS#11: Adding PKCS#11 provider 'C:Program FilesOpenVPNbinopensc-pkcs11.dll' Sat Sep 24 14:52:14 2011 us=375000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Sat Sep 24 14:52:14 2011 us=625000 MANAGEMENT: CMD 'pkcs11-id-count' Sat Sep 24 14:52:14 2011 us=640000 MANAGEMENT: CMD 'pkcs11-id-get 0' Sat Sep 24 14:52:14 2011 us=656000 MANAGEMENT: CMD 'needstr 'pkcs11-id-request' 'OpenSCx20Project/PKCSx2315/0001D049FFFF0000/OpenSCx20Cardx20x28xxxx20xxxx29/45'' Sat Sep 24 14:52:14 2011 us=718000 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Sat Sep 24 14:52:14 2011 us=734000 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA' for HMAC authentication Sat Sep 24 14:52:14 2011 us=734000 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA' for HMAC authentication Sat Sep 24 14:52:14 2011 us=734000 LZO compression initialized Sat Sep 24 14:52:14 2011 us=734000 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ] Sat Sep 24 14:52:14 2011 us=734000 Socket Buffers: R=[128000->128000] S=[49152->49152] Sat Sep 24 14:52:14 2011 us=734000 MANAGEMENT: >STATE:1316868734,RESOLVE,,, Sat Sep 24 14:52:15 2011 us=625000 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ] Sat Sep 24 14:52:15 2011 us=625000 Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA,keysize 256,tls-auth,key-method 2,tls-client' Sat Sep 24 14:52:15 2011 us=625000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA,keysize 256,tls-auth,key-method 2,tls-server' Sat Sep 24 14:52:15 2011 us=625000 Local Options hash (VER=V4): 'cabf0c6d' Sat Sep 24 14:52:15 2011 us=625000 Expected Remote Options hash (VER=V4): '3a7a252b' Sat Sep 24 14:52:15 2011 us=625000 UDPv4 link local: [undef] Sat Sep 24 14:52:15 2011 us=625000 UDPv4 link remote: 84.168.255.68:1194 Sat Sep 24 14:52:15 2011 us=625000 MANAGEMENT: >STATE:1316868735,WAIT,,, Sat Sep 24 14:52:16 2011 us=687000 MANAGEMENT: >STATE:1316868736,AUTH,,, Sat Sep 24 14:52:16 2011 us=687000 TLS: Initial packet from 84.168.255.68:1194, sid=36c89d30 585b28cf Sat Sep 24 14:52:27 2011 us=421000 VERIFY OK: depth=1, /C=xxxxx Sat Sep 24 14:52:27 2011 us=437000 Validating certificate key usage Sat Sep 24 14:52:27 2011 us=437000 ++ Certificate has key usage 00a0, expects 00a0 Sat Sep 24 14:52:27 2011 us=437000 VERIFY KU OK Sat Sep 24 14:52:27 2011 us=437000 Validating certificate extended key usage Sat Sep 24 14:52:27 2011 us=437000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sat Sep 24 14:52:27 2011 us=437000 VERIFY EKU OK Sat Sep 24 14:52:27 2011 us=437000 VERIFY OK: depth=0, /C=xxxxxx >>>>> SAT SEP 24 14:52:44 2011 US=218000 MANAGEMENT: CMD 'PASSWORD [...]' >>>>> FIRST REQUEST FOR PASSWORD >>>>> SAT SEP 24 14:52:49 2011 US=515000 MANAGEMENT: CMD 'PASSWORD [...]' >>>>> SECOND REQUEST FOR PASSWORD Sat Sep 24 14:53:15 2011 us=15000 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) Sat Sep 24 14:53:15 2011 us=15000 TLS Error: TLS handshake failed Sat Sep 24 14:53:15 2011 us=31000 TCP/UDP: Closing socket Sat Sep 24 14:53:15 2011 us=62000 SIGUSR1[soft,tls-error] received, process restarting Sat Sep 24 14:53:15 2011 us=62000 MANAGEMENT: >STATE:1316868795,RECONNECTING,tls-error,, Sat Sep 24 14:53:15 2011 us=78000 MANAGEMENT: CMD 'log on all' Sat Sep 24 14:53:15 2011 us=906000 MANAGEMENT: CMD 'state on' Sat Sep 24 14:53:15 2011 us=921000 MANAGEMENT: CMD 'hold release' Sat Sep 24 14:53:15 2011 us=937000 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Sat Sep 24 14:53:15 2011 us=937000 Re-using SSL/TLS context Sat Sep 24 14:53:15 2011 us=937000 LZO compression initialized Sat Sep 24 14:53:15 2011 us=937000 Control Channel MTU parms [ L:1590 D:166 EF:66 EB:0 ET:0 EL:0 ] Sat Sep 24 14:53:15 2011 us=937000 Socket Buffers: R=[128000->128000] S=[49152->49152] Sat Sep 24 14:53:15 2011 us=937000 MANAGEMENT: >STATE:1316868795,RESOLVE,,, Sat Sep 24 14:53:17 2011 us=265000 Data Channel MTU parms [ L:1590 D:1450 EF:58 EB:135 ET:32 EL:0 AF:3/1 ] Sat Sep 24 14:53:17 2011 us=265000 Local Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-CBC,auth SHA,keysize 256,tls-auth,key-method 2,tls-client' Sat Sep 24 14:53:17 2011 us=265000 Expected Remote Options String: 'V4,dev-type tap,link-mtu 1590,tun-mtu 1532,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA,keysize 256,tls-auth,key-method 2,tls-server' Sat Sep 24 14:53:17 2011 us=265000 Local Options hash (VER=V4): 'cabf0c6d' Sat Sep 24 14:53:17 2011 us=265000 Expected Remote Options hash (VER=V4): '3a7a252b' Sat Sep 24 14:53:17 2011 us=265000 UDPv4 link local: [undef] Sat Sep 24 14:53:17 2011 us=265000 UDPv4 link remote: 84.168.255.68:1194 Sat Sep 24 14:53:17 2011 us=265000 MANAGEMENT: >STATE:1316868797,WAIT,,, Sat Sep 24 14:53:18 2011 us=500000 MANAGEMENT: >STATE:1316868798,AUTH,,, Sat Sep 24 14:53:18 2011 us=500000 TLS: Initial packet from 84.168.255.68:1194, sid=dacee84d acb2e16e Sat Sep 24 14:53:29 2011 us=93000 VERIFY OK: depth=1, /C=xxxx Sat Sep 24 14:53:29 2011 us=93000 Validating certificate key usage Sat Sep 24 14:53:29 2011 us=93000 ++ Certificate has key usage 00a0, expects 00a0 Sat Sep 24 14:53:29 2011 us=93000 VERIFY KU OK Sat Sep 24 14:53:29 2011 us=93000 Validating certificate extended key usage Sat Sep 24 14:53:29 2011 us=93000 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sat Sep 24 14:53:29 2011 us=93000 VERIFY EKU OK Sat Sep 24 14:53:29 2011 us=93000 VERIFY OK: depth=0, /C=xxxx >>>>> HERE ASK FOR PASSWORD AGAIN Sat Sep 24 14:53:45 2011 us=250000 MANAGEMENT: CMD 'signal SIGTERM'
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
