Hello,
did you create the hashlinks to your certificates?
Kind regards,
Dominik Fischer
Am 05.04.2011 um 11:00 schrieb Jean-Michel Pouré - GOOZE:
Dear friends,
I am still having problems configuring pam PKCS#11 with OpenSC.
CAcert root certificates:
http://www.cacert.org/certs/class3
Anfang der weitergeleiteten E-Mail:
Von: Dominik Fischer dom_fisc...@web.de
Datum: 21. März 2011 15:43:02 MEZ
An: Ludovic Rousseau ludovic.rouss...@gmail.com
Betreff: Re: [opensc-devel] [pam_pkcs11] improved error messages
(I'm not sure if the mailing list accepts attachments. So I add
our error handling on side
of our helpdesk staff. I'm on my way to make it match the current
trunk version.
Thanks!
Dominik Fischer
Index: src/mappers/pwent_mapper.c
===
--- src/mappers/pwent_mapper.c (Revision 489)
+++ src/mappers
more patch here addressing a problem with card_only: I get asked
for a
username if no smartcard is present. Even if card_only is true. I've
(somewhat brutal)
changed this. I need some time to make it nice and include it in the trunk
version.
Kind regards,
Dominik Fischer
(I'm not sure
()
does not work.)
Please have a look at the patch. If it's OK please include it in further
pam_pkcs11 releases (so I
don't have to patch every new pam_pkcs11 release on my own ;-) ).
Kind regards
Dominik Fischer
---8-8
Index: src/mappers/pwent_mapper.c
Am Montag, den 14.12.2009, 16:03 +0100 schrieb Andreas Jellinghaus:
Am Montag 14 Dezember 2009 14:28:21 schrieb Martin Paljak:
On 14.12.2009, at 15:17, Andreas Jellinghaus wrote:
Hi,
is there a way to put a version on the card in some structure?
so we can write code that sees:
*
Hello Ludovic,
I remember doing this patch.
The problem was that the ASN.1 encoder/decoder routines were bogus.
Negative values and special values like 128 were not encoded
correctly.
I am not really surprised that cards initialized with an old version
have problems when used with a new
please run opensc-tool -f and show us the permissions on
4401 and 4402, those files should be writeable with pin or so-pin,
so you will be able to fix the content of those files, if we
can write a tool for it.
The command is not supported:
$ ./opensc-tool -f
3f00 type: DF, size: 0
running these commands would still help:
openssl dgst -md5 -binary -out digest_file message_file
pkcs15-crypt -s --md5 --pkcs1 -i digest_file -o signature_file
openssl dgst -verify public_key_file -md5 -signature signature_file \
message_file
pkcs15-crypt is a mid-level
Hi everybody,
after some more testing I can say that the error was introduced
in opensc-0.11.5. After diffing and eliminating files which are
obviously not relevant (.svn, README, Makefile, ...) there
are still 123 files left with differences.
Any hint which files could cause my problem or the
Dominik Fischer wrote:
do you still have that RHEL5 machine? if you had a debug log from it too,
that could help in seeing what changed. the interesting parts start with
the first C_Sign line.
Here comes the debug-output from my RHEL5 System.
Without the original command line
I've narrowed the error:
* Installed a fresh Ubuntu Jaunty
* Upgrade the follwing packages to karmic versions:
* linux-kernel
* libccid
* libpcsclite1 / pcscd
Until here all went fine: pkcs11-tool -l -t shows no error.
After I've updated libopensc2 from version 0.11.4-5ubuntu1 to
I've narrowed the error:
* Installed a fresh Ubuntu Jaunty
* Upgrade the follwing packages to karmic versions:
* linux-kernel
* libccid
* libpcsclite1 / pcscd
Until here all went fine: pkcs11-tool -l -t shows no error.
After I've updated libopensc2 from version 0.11.4-5ubuntu1
Am Dienstag, den 08.12.2009, 14:49 +0100 schrieb Andreas Jellinghaus:
Am Dienstag 08 Dezember 2009 13:39:29 schrieb Dominik Fischer:
Why do I think it should work: Under RHEL5 it works with the same card and
the following software versions: * opensc-0.11.1
* ccid-1.0.1
* pcsc-lite
do you still have that RHEL5 machine? if you had a debug log from it too,
that could help in seeing what changed. the interesting parts start with
the first C_Sign line.
Here comes the debug-output from my RHEL5 System.
Regards,
Dominik
ctx.c:695:sc_context_create:
Hello,
the following links to APIs are broken:
http://www.opensc-project.org/doc/libp11/api/index.html
http://www.opensc-project.org/pkcs11-helper/files/pkcs11-helper/doc/api
Although the documentations are in the packages these links should be fixed.
Regards,
Dominik
Hi,
I just tried out engine_pkcs11. It doesn't work like described in the
Quickstart-Document.
I get the error shown below.
My sytem components are:
- RHEL4
- openssl-0.9.7a
- opensc-0.10.0
- libp11-0.1.1
Any suggestions how I could make it work?
--8--8-
OpenSSL engine -t dynamic
17 matches
Mail list logo