Hello business,

The issue is probably within OpenSC, related to [1].
Will be fixed in next version.

It would be great if you can provide OpenSC logs from your working configuration.

Thanks,
Alon.

[1] http://www.opensc-project.org/opensc/ticket/162

On Wed, Oct 19, 2011 at 8:03 AM, <busin...@reebs.org> wrote:
> Hello Gents,
>
> just enquiring for a feedback. did you find something out on this
> issue? Seems something was broken in newer OpenSC / OpenVPN...
>
> Rgds, PR
>
> On Mon, 3 Oct 2011 15:09:28 +0200, Alon Bar-Lev <alon.bar...@gmail.com>
> wrote:
>> Martin,
>> I need your help here...
>>
>> On Fri, Sep 30, 2011 at 8:18 PM, <busin...@reebs.org> wrote:
>>> Here you go:
>>>
>>> C:\Program Files\OpenVPN\share\openvpn-win32\config>pkcs15-tool
>>> --list-keys
>>> Using reader with a card: O2Micro CCID SC Reader 0
>>> Private RSA Key [Private Key]
>>> Object Flags : [0x3], private, modifiable
>>> Usage : [0x4], sign
>>> Access Flags : [0x1D], sensitive, alwaysSensitive,
>>> neverExtract, local
>>> ModLength : 2048
>>> Key ref : 0 (0x0)
>>> Native : yes
>>> Path : 3f0050154b0130450012
>>> Auth ID : 01
>>> ID : 45
>>>
>>>
>>> C:\Program Files\OpenVPN\share\openvpn-win32\config>pkcs15-tool
>>> --list-certificates
>>> Using reader with a card: O2Micro CCID SC Reader 0
>>> X.509 Certificate [Certificate]
>>> Object Flags : [0x2], modifiable
>>> Authority : no
>>> Path : 3f0050154545
>>> ID : 45
>>> Encoded serial : 02 01 02
>>>
>>>
>>> C:\Program Files\OpenVPN\share\openvpn-win32\config>
>>>
>>>
>>> On Fri, 30 Sep 2011 18:45:31 +0300, Alon Bar-Lev
>>> <alon.bar...@gmail.com> wrote:
>>>> ---
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11]
>>>> iso7816.c:103:iso7816_check_sw: Command incompatible with file
>>>> structure
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11]
>>>> card-flex.c:1067:cryptoflex_compute_signature: Card returned error:
>>>> -1200 (Card command failed)
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] sec.c:56:sc_compute_signature:
>>>> returning with: -1200 (Card command failed)
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] card.c:330:sc_unlock: called
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11]
>>>> pkcs15-sec.c:380:sc_pkcs15_compute_signature: sc_compute_signature()
>>>> failed: -1200 (Card command failed)
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] card.c:330:sc_unlock: called
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] reader-pcsc.c:548:pcsc_unlock:
>>>> called
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11]
>>>> framework-pkcs15.c:2721:pkcs15_prkey_sign: Sign complete. Result
>>>> -1200.
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11]
>>>> misc.c:59:sc_to_cryptoki_error_common: libopensc return value: -1200
>>>> (Card command failed)
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] pkcs11-object.c:635:C_Sign:
>>>> C_Sign() = CKR_GENERAL_ERROR
>>>> ---
>>>>
>>>> What I also need is dump of the card content.
>>>>
>>>> Paste the output of
>>>> pkcs15-tool --list-keys
>>>> pkcs15-tool --list-certificates
>>>>
>>>> On Fri, Sep 30, 2011 at 1:16 PM, <busin...@reebs.org> wrote:
>>>>> Here is the log with verb 255 and the associated OpenVPN log verb 255.
>>>>>
>>>>> Rgrds
>>>>>
>>>>> On Thu, 29 Sep 2011 22:42:35 +0300, Alon Bar-Lev
>>>>> <alon.bar...@gmail.com> wrote:
>>>>>> It should be opensc.conf somewhere that is pointed by registry.
>>>>>> See the installation script.
>>>>>>
>>>>>> On Thu, Sep 29, 2011 at 10:34 PM, <busin...@reebs.org> wrote:
>>>>>>> Ok I will do this, however how would I enable this log using the Builds
>>>>>>> you provided?!
>>>>>>>
>>>>>>> Strange is also that while the first attempt, it asks twice for the
>>>>>>> PIN, for the second and following connection attempts (I aborted here
>>>>>>> not to lose start of log because of buffer limitations) it asks only
>>>>>>> once...
>>>>>>>
>>>>>>> On Thu, 29 Sep 2011 21:13:52 +0300, Alon Bar-Lev
>>>>>>> <alon.bar...@gmail.com> wrote:
>>>>>>>> This is strange.
>>>>>>>> The signature just fails
>>>>>>>> I need opensc logs.
>>>>>>>>
>>>>>>>> It returns CKR_GENERAL_ERROR when tries to sign.
>>>>>>>>
>>>>>>>> On Thu, Sep 29, 2011 at 12:25 PM, <busin...@reebs.org> wrote:
>>>>>>>>> So finally I managed to get the log. For some reasons today it worked
>>>>>>>>> from command line although it did not in GUI. Probably some delay
>>>>>>>>> caused by management interface which is interfering with OpenVPN when
>>>>>>>>> log amount is high...
>>>>>>>>>
>>>>>>>>> Anyway here is the file (had to paste it from command prompt), hope
>>>>>>>>> that helps!
>>>>>>>>>
>>>>>>>>> On Thu, 29 Sep 2011 11:00:57 +0300, Alon Bar-Lev
>>>>>>>>> <alon.bar...@gmail.com> wrote:
>>>>>>>>>> Well,
>>>>>>>>>> I need log to be able to help.
>>>>>>>>>> If the UI cannot handle this, try without UI.
>>>>>>>>>> This UI uses the management interface in order to provide the
>>>>>>>>>> passphrase at port 11196.
>>>>>>>>>> You can telnet this port and see management-notes.txt of how to work
>>>>>>>>>> with it.
>>>>>>>>>> Or.. To open a bug within the UI so it be able to enable more
>>>>>>>>>> logging.
>>>>>>>>>>
>>>>>>>>>> On Wed, Sep 28, 2011 at 7:01 PM, <busin...@reebs.org> wrote:
>>>>>>>>>>> This does not work.
>>>>>>>>>>>
>>>>>>>>>>> If I set Verb above 7 I get following loop under Command Line and
>>>>>>>>>>> GUI:
>>>>>>>>>>>
>>>>>>>>>>> http://imageshack.us/photo/my-images/829/unbenanntrg.jpg/
>>>>>>>>>>>
>>>>>>>>>>> until it fails.
>>>>>>>>>>>
>>>>>>>>>>> If I set "log filename.txt" in the configuration file and run from
>>>>>>>>>>> CLI,
>>>>>>>>>>> it will go up to the point where pin is required but then fail as it
>>>>>>>>>>> cannot get pin from stdin (btw using win32 version on win Xp and
>>>>>>>>>>> card is
>>>>>>>>>>> former Cryptoflex from gemalto):
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Wed, 28 Sep 2011 18:30:14 +0300, Alon Bar-Lev
>>>>>>>>>>> <alon.bar...@gmail.com> wrote:
>>>>>>>>>>>> set verb 255 and log to a file.
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, Sep 28, 2011 at 5:10 PM, <busin...@reebs.org> wrote:
>>>>>>>>>>>>> Yes now download works!!!
>>>>>>>>>>>>>
>>>>>>>>>>>>> However still not able to connect.
>>>>>>>>>>>>>
>>>>>>>>>>>>> I tried both command line and GUI. Same issue:
>>>>>>>>>>>>>
>>>>>>>>>>>>> 1- After it asks for PIN and I enter PIN it immediately asks for
>>>>>>>>>>>>> the PIN
>>>>>>>>>>>>> again
>>>>>>>>>>>>> 2- It then tries to connect, but nothing happens
>>>>>>>>>>>>> 3- After 60 seconds it times out
>>>>>>>>>>>>> 4- Start another connection attempt
>>>>>>>>>>>>> 5- It asks for PIN and after I enter it it immediately fails and
>>>>>>>>>>>>> back
>>>>>>>>>>>>> to point no. 4 until I break
>>>>>>>>>>>>>
>>>>>>>>>>>>> Last working version is 009, 010 and 011 have very same issue.
>>>>>>>>>>>>>
>>>>>>>>>>>>> Here is the command line LOG (short form):
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, 28 Sep 2011 16:04:24 +0300, Alon Bar-Lev
>>>>>>>>>>>>> <alon.bar...@gmail.com> wrote:
>>>>>>>>>>>>>> Now?
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Wed, Sep 28, 2011 at 4:01 PM, <busin...@reebs.org> wrote:
>>>>>>>>>>>>>>> Alon,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> I believe there is a permission issue with the new files:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Forbidden
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> You don't have permission to access
>>>>>>>>>>>>>>>> /downloads/users/alonbl/build/opensc-
>>>>>>>>>>>>>>>> i686-w64-mingw32-011-engine_pkcs11.tar.bz2 on this server.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Wed, 28 Sep 2011 15:40:00 +0300, Alon Bar-Lev
>>>>>>>>>>>>>>> <alon.bar...@gmail.com> wrote:
>>>>>>>>>>>>>>>> Use build-011
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Wed, Sep 28, 2011 at 1:39 PM, <busin...@reebs.org> wrote:
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Hi All,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> any clue what is wrong?! :(
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Rgds
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Sun, 25 Sep 2011 18:38:39 +0200, <busin...@reebs.org>
>>>>>>>>>>>>>>>>> wrote:
>>>>>>>>>>>>>>>>> > Hello All,
>>>>>>>>>>>>>>>>> >
>>>>>>>>>>>>>>>>> > Currently I am having troubles to get the latest build
>>>>>>>>>>>>>>>>> > (32bit) of
>>>>>>>>>>>>>>>>> > prebuilt OpenVPN/OpenSC/OpenSSL to work all together. These
>>>>>>>>>>>>>>>>> > are found
>>>>>>>>>>>>>>>>> > here:
>>>>>>>>>>>>>>> ....

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
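
Added example, not part of the thread and not OpenSC code: a small triage script for the kind of mail-quoted OpenSC debug log posted above, which strips the `>` quoting, rejoins records wrapped by the mail client, and reports the first frame that complained plus the libopensc and PKCS#11 result codes. The function names `parse_records` and `summarize` are hypothetical, the "first non-`called` record is the origin" rule is an assumed heuristic, and the sample is an abridged copy of the log lines in the thread.

```python
import re

# Abridged copy of the log quoted in the thread (mail-wrapped, ">>>> " prefixed).
QUOTED_LOG = """\
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11]
>>>> iso7816.c:103:iso7816_check_sw: Command incompatible with file
>>>> structure
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11]
>>>> card-flex.c:1067:cryptoflex_compute_signature: Card returned error:
>>>> -1200 (Card command failed)
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] sec.c:56:sc_compute_signature:
>>>> returning with: -1200 (Card command failed)
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] card.c:330:sc_unlock: called
>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] pkcs11-object.c:635:C_Sign:
>>>> C_Sign() = CKR_GENERAL_ERROR
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} ")
RECORD = re.compile(r"^(?P<ts>\S+ \S+) \[(?P<ctx>[^\]]+)\] "
                    r"(?P<file>[\w.-]+):(?P<line>\d+):(?P<func>\w+): (?P<msg>.*)$")
SC_ERR = re.compile(r"(-\d{4}) \(([^)]+)\)")   # e.g. "-1200 (Card command failed)"
CKR = re.compile(r"\bCKR_[A-Z_]+\b")           # PKCS#11 return code name

def parse_records(text):
    """Strip mail quoting, rejoin wrapped lines, return parsed log records."""
    joined = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        if STAMP.match(line) or not joined:
            joined.append(line)          # a timestamp starts a new record
        else:
            joined[-1] += " " + line     # continuation of a wrapped record
    return [m.groupdict() for m in map(RECORD.match, joined) if m]

def summarize(text):
    """Return the first complaining frame, libopensc codes and the CKR result."""
    recs = parse_records(text)
    noisy = [r for r in recs if r["msg"] != "called"]  # skip plain call traces
    codes = sorted({c for r in recs for c, _ in SC_ERR.findall(r["msg"])})
    ckr = [m.group(0) for r in recs for m in [CKR.search(r["msg"])] if m]
    origin = noisy[0] if noisy else None
    return {"origin": origin and f'{origin["file"]}:{origin["line"]}:{origin["func"]}',
            "origin_msg": origin and origin["msg"],
            "sc_codes": codes, "ckr": ckr[-1] if ckr else None}

if __name__ == "__main__":
    print(summarize(QUOTED_LOG))
```
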