Re: [opensc-devel] Problems with opensc+openvpn builds from Alon starting v10
Well, I need log to be able to help. If th ui canno handle this, try without ui. This UI uses the management interface in order to provide the passphrase at port 11196. You can telnet this port and see management-notes.txt of how to work with it. Or.. To open a bug within the ui so it be able to enable more logging. On Wed, Sep 28, 2011 at 7:01 PM, busin...@reebs.org wrote: This does not work. If I set Verb above 7 I get following loop under Command Line and GUI: http://imageshack.us/photo/my-images/829/unbenanntrg.jpg/ until it fails. If I set log filename.txt in the configuration file and run from CLI, it will go up to the point where pin is required but then fail as it cannot get pin from stdin (btw using win32 version on win Xp and card is former Cryptoflex from gemalto): [END OF LOGFILE]: Wed Sep 28 17:51:24 2011 us=984000 SSL state (connect): SSLv3 read server certificate request A Wed Sep 28 17:51:24 2011 us=984000 SSL state (connect): SSLv3 read server done A Wed Sep 28 17:51:24 2011 us=984000 SSL state (connect): SSLv3 write client certificate A Wed Sep 28 17:51:25 2011 us=796000 SSL state (connect): SSLv3 write client key exchange A Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: __pkcs11h_openssl_enc entered - flen=36, from=0022F080, to=00DAF33E, rsa=00D5CAA8, padding=1 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: Performing signature Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: pkcs11h_certificate_signAny entry certificate=00D5E088, mech_type=1, source=0022F080, source_size=0024, target=00DAF33E, *p_target_size=0100 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: Getting key attributes Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: __pkcs11h_certificate_getKeyAttributes entry certificate=00D5E088 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_freeObjectAttributes entry attrs=0022EEA0, count=4 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_freeObjectAttributes return Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: Get private key attributes failed: 130:'CKR_OBJECT_HANDLE_INVALID' Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_certificate_resetSession entry certificate=00D5E088, public_only=0, session_mutex_locked=1 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_getObjectById entry session=00D6AD10, class=3, id=00D6AD00, id_size=0001, p_handle=00D5E098 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_validate entry session=00D6AD10 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_validate session-pin_expire_time=0, time=1317225085 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_validate return rv=0-'CKR_OK' Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_findObjects entry session=00D6AD10, filter=0022EDC0, filter_attrs=2, p_objects=0022EDDC, p_objects_found=0022EDD8 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_findObjects return rv=0-'CKR_OK', *p_objects_found=0 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_getObjectById return rv=512-'CKR_FUNCTION_REJECTED', *p_handle= Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_login entry session=00D6AD10, is_publicOnly=0, readonly=1, user_data=, mask_prompt=0003 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_logout entry session=00D6AD10 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_logout return Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_reset entry session=00D6AD10, user_data=, mask_prompt=0003, p_slot=0022EDDC Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_reset Expected token manufacturerID='OpenSC Project' model='PKCS#15', serialNumber='0001D049', label='OpenSC Card (xxx yyy)' Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_getSlotList entry provider=00D63DD0, token_present=1, pSlotList=0022E96C, pulCount=0022E968 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_getSlotList return rv=0-'CKR_OK' *pulCount=1 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_token_getTokenId entry p_token_id=0022E964 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_token_newTokenId entry p_token_id=0022E85C Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_token_newTokenId return rv=0-'CKR_OK', *p_token_id=00DA9728 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_token_getTokenId return rv=0-'CKR_OK', *p_token_id=00DA9728 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_reset Found token manufacturerID='OpenSC Project' model='PKCS#15', serialNumber='0001D049', label='OpenSC Card (xxx yyy)' Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: pkcs11h_token_freeTokenId entry certificate_id=00DA9728 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: pkcs11h_token_freeTokenId return Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_reset return rv=0-'CKR_OK', *p_slot=1 Wed Sep 28 17:51:25 2011
Re: [opensc-devel] Problems with opensc+openvpn builds from Alon starting v10
This is why I tried without the UI directly on command line, but I then get the same problem with verb 7. It will hang in some waiting loop until it times out after a long time... (WE_WAIT enter n=1 to=1000) If I add the option in the configuration file to output log to a file, then it reaches without problems the point where it requires the PIN for the smartcard, which fails because STDIN cannot work when all output is redirected to file... I will do a few more tries, but I am rather clueless here... On Thu, 29 Sep 2011 11:00:57 +0300, Alon Bar-Lev alon.bar...@gmail.com wrote: Well, I need log to be able to help. If th ui canno handle this, try without ui. This UI uses the management interface in order to provide the passphrase at port 11196. You can telnet this port and see management-notes.txt of how to work with it. Or.. To open a bug within the ui so it be able to enable more logging. On Wed, Sep 28, 2011 at 7:01 PM, busin...@reebs.org wrote: This does not work. If I set Verb above 7 I get following loop under Command Line and GUI: http://imageshack.us/photo/my-images/829/unbenanntrg.jpg/ until it fails. If I set log filename.txt in the configuration file and run from CLI, it will go up to the point where pin is required but then fail as it cannot get pin from stdin (btw using win32 version on win Xp and card is former Cryptoflex from gemalto): [END OF LOGFILE]: Wed Sep 28 17:51:24 2011 us=984000 SSL state (connect): SSLv3 read server certificate request A Wed Sep 28 17:51:24 2011 us=984000 SSL state (connect): SSLv3 read server done A Wed Sep 28 17:51:24 2011 us=984000 SSL state (connect): SSLv3 write client certificate A Wed Sep 28 17:51:25 2011 us=796000 SSL state (connect): SSLv3 write client key exchange A Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: __pkcs11h_openssl_enc entered - flen=36, from=0022F080, to=00DAF33E, rsa=00D5CAA8, padding=1 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: Performing signature Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: pkcs11h_certificate_signAny entry certificate=00D5E088, mech_type=1, source=0022F080, source_size=0024, target=00DAF33E, *p_target_size=0100 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: Getting key attributes Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: __pkcs11h_certificate_getKeyAttributes entry certificate=00D5E088 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_freeObjectAttributes entry attrs=0022EEA0, count=4 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_freeObjectAttributes return Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: Get private key attributes failed: 130:'CKR_OBJECT_HANDLE_INVALID' Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_certificate_resetSession entry certificate=00D5E088, public_only=0, session_mutex_locked=1 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_getObjectById entry session=00D6AD10, class=3, id=00D6AD00, id_size=0001, p_handle=00D5E098 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_validate entry session=00D6AD10 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_validate session-pin_expire_time=0, time=1317225085 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_validate return rv=0-'CKR_OK' Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_findObjects entry session=00D6AD10, filter=0022EDC0, filter_attrs=2, p_objects=0022EDDC, p_objects_found=0022EDD8 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_findObjects return rv=0-'CKR_OK', *p_objects_found=0 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_getObjectById return rv=512-'CKR_FUNCTION_REJECTED', *p_handle= Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_login entry session=00D6AD10, is_publicOnly=0, readonly=1, user_data=, mask_prompt=0003 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_logout entry session=00D6AD10 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_logout return Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_reset entry session=00D6AD10, user_data=, mask_prompt=0003, p_slot=0022EDDC Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_reset Expected token manufacturerID='OpenSC Project' model='PKCS#15', serialNumber='0001D049', label='OpenSC Card (xxx yyy)' Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_getSlotList entry provider=00D63DD0, token_present=1, pSlotList=0022E96C, pulCount=0022E968 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_session_getSlotList return rv=0-'CKR_OK' *pulCount=1 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_token_getTokenId entry p_token_id=0022E964 Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_token_newTokenId entry p_token_id=0022E85C Wed Sep 28 17:51:25 2011 us=796000 PKCS#11: _pkcs11h_token_newTokenId return rv=0-'CKR_OK', *p_token_id=00DA9728 Wed Sep 28
Re: [opensc-devel] Problems with opensc+openvpn builds from Alon starting v10
Ok I will do this, however how would I enable this log using the Builds you provided?! Strange is also that while the first attempt, it asks twice for the PIN, for the second and following connection attempts (I aborded here not to loose start of log because of buffer limitations) it asks only once... On Thu, 29 Sep 2011 21:13:52 +0300, Alon Bar-Lev alon.bar...@gmail.com wrote: This is strange. The signature just fails I need opensc logs. It returns CKR_GENERAL_ERROR when tries to sign. On Thu, Sep 29, 2011 at 12:25 PM, busin...@reebs.org wrote: So finally I managed to get the log. For some reasons today it worked from command line allthough it did not in GUI. Probably some delay caused by management interface which is interferring with OpenVPN when log ammount is high... Anyway here is the file _(had to paste it from command prompt), hope that helps! On Thu, 29 Sep 2011 11:00:57 +0300, Alon Bar-Lev alon.bar...@gmail.com wrote: Well, I need log to be able to help. If th ui canno handle this, try without ui. This UI uses the management interface in order to provide the passphrase at port 11196. You can telnet this port and see management-notes.txt of how to work with it. Or.. To open a bug within the ui so it be able to enable more logging. On Wed, Sep 28, 2011 at 7:01 PM, busin...@reebs.org wrote: This does not work. If I set Verb above 7 I get following loop under Command Line and GUI: http://imageshack.us/photo/my-images/829/unbenanntrg.jpg/ until it fails. If I set log filename.txt in the configuration file and run from CLI, it will go up to the point where pin is required but then fail as it cannot get pin from stdin (btw using win32 version on win Xp and card is former Cryptoflex from gemalto): On Wed, 28 Sep 2011 18:30:14 +0300, Alon Bar-Lev alon.bar...@gmail.com wrote: set verb 255 and log to a file. On Wed, Sep 28, 2011 at 5:10 PM, busin...@reebs.org wrote: Yes now download works!!! However still not able to connect. I tried both command line and GUI. Same issue: 1- After it ask for PIN and I enter PIN it immediately asks for the PIN again 2- It then tries to connect, but nothing happens 3- After 60 seconde it times out 4- Start another connection attempt 5- It asks for PIN and after I enter it it immediately fails and back to point no. 4 until I break Last working version is 009, 010 and 011 have very same issue. Here is the command line LOG (short form): On Wed, 28 Sep 2011 16:04:24 +0300, Alon Bar-Lev alon.bar...@gmail.com wrote: Now? On Wed, Sep 28, 2011 at 4:01 PM, busin...@reebs.org wrote: Alon, I believe there is a permission issue with the new files: Forbidden You don't have permission to access /downloads/users/alonbl/build/opensc- i686-w64-mingw32-011-engine_pkcs11.tar.bz2 on this server. Regards, On Wed, 28 Sep 2011 15:40:00 +0300, Alon Bar-Lev alon.bar...@gmail.com wrote: Use build-011 On Wed, Sep 28, 2011 at 1:39 PM, busin...@reebs.org wrote: Hi All, any clue what is wrong?! :( Rgds On Sun, 25 Sep 2011 18:38:39 +0200, busin...@reebs.org wrote: Hello All, Currently I am having troubles to get the latest build (32bit) of prebuild OpenVPN/OpenSC/OpenSSL to work alltogether. These are found here: ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Problems with opensc+openvpn builds from Alon starting v10
It should be opensc.conf somewhere that is pointed by registry. See the installation script. On Thu, Sep 29, 2011 at 10:34 PM, busin...@reebs.org wrote: Ok I will do this, however how would I enable this log using the Builds you provided?! Strange is also that while the first attempt, it asks twice for the PIN, for the second and following connection attempts (I aborded here not to loose start of log because of buffer limitations) it asks only once... On Thu, 29 Sep 2011 21:13:52 +0300, Alon Bar-Lev alon.bar...@gmail.com wrote: This is strange. The signature just fails I need opensc logs. It returns CKR_GENERAL_ERROR when tries to sign. On Thu, Sep 29, 2011 at 12:25 PM, busin...@reebs.org wrote: So finally I managed to get the log. For some reasons today it worked from command line allthough it did not in GUI. Probably some delay caused by management interface which is interferring with OpenVPN when log ammount is high... Anyway here is the file _(had to paste it from command prompt), hope that helps! On Thu, 29 Sep 2011 11:00:57 +0300, Alon Bar-Lev alon.bar...@gmail.com wrote: Well, I need log to be able to help. If th ui canno handle this, try without ui. This UI uses the management interface in order to provide the passphrase at port 11196. You can telnet this port and see management-notes.txt of how to work with it. Or.. To open a bug within the ui so it be able to enable more logging. On Wed, Sep 28, 2011 at 7:01 PM, busin...@reebs.org wrote: This does not work. If I set Verb above 7 I get following loop under Command Line and GUI: http://imageshack.us/photo/my-images/829/unbenanntrg.jpg/ until it fails. If I set log filename.txt in the configuration file and run from CLI, it will go up to the point where pin is required but then fail as it cannot get pin from stdin (btw using win32 version on win Xp and card is former Cryptoflex from gemalto): On Wed, 28 Sep 2011 18:30:14 +0300, Alon Bar-Lev alon.bar...@gmail.com wrote: set verb 255 and log to a file. On Wed, Sep 28, 2011 at 5:10 PM, busin...@reebs.org wrote: Yes now download works!!! However still not able to connect. I tried both command line and GUI. Same issue: 1- After it ask for PIN and I enter PIN it immediately asks for the PIN again 2- It then tries to connect, but nothing happens 3- After 60 seconde it times out 4- Start another connection attempt 5- It asks for PIN and after I enter it it immediately fails and back to point no. 4 until I break Last working version is 009, 010 and 011 have very same issue. Here is the command line LOG (short form): On Wed, 28 Sep 2011 16:04:24 +0300, Alon Bar-Lev alon.bar...@gmail.com wrote: Now? On Wed, Sep 28, 2011 at 4:01 PM, busin...@reebs.org wrote: Alon, I believe there is a permission issue with the new files: Forbidden You don't have permission to access /downloads/users/alonbl/build/opensc- i686-w64-mingw32-011-engine_pkcs11.tar.bz2 on this server. Regards, On Wed, 28 Sep 2011 15:40:00 +0300, Alon Bar-Lev alon.bar...@gmail.com wrote: Use build-011 On Wed, Sep 28, 2011 at 1:39 PM, busin...@reebs.org wrote: Hi All, any clue what is wrong?! :( Rgds On Sun, 25 Sep 2011 18:38:39 +0200, busin...@reebs.org wrote: Hello All, Currently I am having troubles to get the latest build (32bit) of prebuild OpenVPN/OpenSC/OpenSSL to work alltogether. These are found here: ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
