Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-17 Thread Martin Paljak
Hello, On Sep 17, 2010, at 1:02 AM, Peter Koch wrote: > TCOS-cards have 4 PINs, i.e. PIN, PUK, PIN1 and PIN2. If PIN is blocked it > may be unblocked by PUK. If PIN1 or PIN2 are blocked they may be unblocked by > PIN. So PIN is both a regular PIN (i.e. protects certain objects) and an > unblocki

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / ignored_readers

2010-09-17 Thread Johannes Becker
Hello, it took me some time to reproduce the already described bug: "After some idle time the browser seems to forget completely about the chip card. If you request an encrypted web page, a ssl handshake error is displayed." This happens, if you use "ignored_readers" in opensc.conf. In my examp

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-16 Thread Peter Koch
Hi Martin; The TCOS driver marks the user PIN as unblocking PIN [3], which I believe is > incorrect (only PUK should have the unblocking code flag set) > > The attached patch should fix this. Peter, please add your comment. > PKCS#15-spec says: PinAttributes.pinFlags: This field signals whether

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-15 Thread Martin Paljak
Peter, r4722 does not affect the TCOS issue. You probably missed the e-mail, but I created a ticket for this: http://www.opensc-project.org/opensc/ticket/256 On Thu, Sep 16, 2010 at 01:12, Peter Koch wrote: > Hi Johannes: > > 2010/9/9 Johannes Becker >> >> Hello, >> >> now I have the opensc-d

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-15 Thread Peter Koch
Hi Johannes: 2010/9/9 Johannes Becker > Hello, > > now I have the opensc-debug logs for pkcs11-tool -L with TCOS > > opensc version 0.11.13-1 gives > token flags: login required, PIN initialized, token initialized > http://www.uni-giessen.de/~g013/opensc/opensc-debug.0.11.13-1.log

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-13 Thread Martin Paljak
Hello, On Sep 13, 2010, at 12:04 PM, Martin Paljak wrote: >> I just did a quick "grep LOGIN_REQUIRED *.c" and it seems that only >> the WestCOS and OpenPGP emulations set LOGIN_REQUIRED >> while all other emulation-routines don't. > > CKF_LOGIN_REQUIRED from PKCS#11 (which is the flag missing in

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-13 Thread Martin Paljak
Hello. From your log I see that the user PIN is marked as unblocking PIN: PIN [PIN] Com. Flags: 0x3 ID: 01 Flags : [0x51], case-sensitive, initialized, unblockingPin Length: min_len:6, max_len:16, stored_len:16 Pad char : 0x00 Refer

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-13 Thread Johannes Becker
Hi, now I detected another flaw in 0.12.0: After some idle time the browser seems to forget completely about the chip card. If you request an encrypted web page, a ssl handshake error is displayed. For production purposes I'm now returning to opensc2 0.11.4-5+lenny1, the last opensc working wit

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-13 Thread Martin Paljak
Hello, On Sep 12, 2010, at 7:46 PM, Peter Koch wrote: > pkcs15-tcos.c has not been modified for a long time (except some > minor cosmetic changes). So something else must have changed. Correct. > I just did a quick "grep LOGIN_REQUIRED *.c" and it seems that only > the WestCOS and OpenPGP emulat

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-12 Thread Peter Koch
@Johannes: > Apply this patch locally, and everything should work fine. BTW the > unicard support was added by Peter Koch [1]. Maybe you want to contact > him for an upstream patch. > pkcs15-tcos.c has not been modified for a long time (except some minor cosmetic changes). So something else must

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-12 Thread Andre Zepezauer
> > What is the output of pkcs11-tool -L ? > > Does it include for your slot: > > token flags: rng, readonly, ***login required***, PIN initialized, > > token initialized ? > > Yes, there is the point. "login required" is not shown in version 0.12. @Johannes: Apply this patch locally, and eve

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-09 Thread Johannes Becker
Hello, now I have the opensc-debug logs for pkcs11-tool -L with TCOS opensc version 0.11.13-1 gives token flags: login required, PIN initialized, token initialized http://www.uni-giessen.de/~g013/opensc/opensc-debug.0.11.13-1.log opensc version 0.12.0-svn-r4700 gives token flags: readonl

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-07 Thread Johannes Becker
On Monday, 06 September 2010, Martin Paljak wrote: > Hello, > > On Sep 6, 2010, at 2:05 PM, Johannes Becker wrote: > > On Thursday, 02 September 2010, Martin Paljak wrote: > >> Please provide opensc-debug.log for TCOS2 for the failing transaction > >> with 0.12.0. If possible, also the successfu

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-06 Thread Ludovic Rousseau
2010/9/6 Jan Just Keijser : > Thanks for the quick response. I had the ccid driver installed yet > opensc/pcsc-lite did not recognize it - I guess this means the Aladdin > eToken PRO is (also) *NOT* CCID compliant. Time to update the wiki? Please, do not guess. Just follow the procedure as describ

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-06 Thread Jan Just Keijser
Hi Ludovic, Ludovic Rousseau wrote: > 2010/9/6 Jan Just Keijser : > >> more fun with the upcoming 0.12.0 release: >> >> - the only way I know how to initialize an Aladdin eToken PRO 32K with >> opensc is by using the openct driver; is there another way? >> > > Follow [1]. Maybe the token i

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-06 Thread Ludovic Rousseau
2010/9/6 Jan Just Keijser : > more fun with the upcoming 0.12.0 release: > > - the only way I know how to initialize an Aladdin eToken PRO 32K with > opensc is by using the openct driver; is there another way? Follow [1]. Maybe the token is CCID compliant. Bye [1] http://pcsclite.alioth.debian.o

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-06 Thread Jan Just Keijser
more fun with the upcoming 0.12.0 release: - the only way I know how to initialize an Aladdin eToken PRO 32K with opensc is by using the openct driver; is there another way? - once I initialize an Aladdin eToken using opensc I can generate 2048 bit keys, add and delete objects etc. Everything w

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-06 Thread Martin Paljak
Hello, On Sep 6, 2010, at 2:05 PM, Johannes Becker wrote: > On Thursday, 02 September 2010, Martin Paljak wrote: > >> >> Please provide opensc-debug.log for TCOS2 for the failing transaction with >> 0.12.0. If possible, also the successful log with 0.11.X might help. > > The logs are > http:

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release / PIN not asked

2010-09-06 Thread Johannes Becker
On Thursday, 02 September 2010, Martin Paljak wrote: > > Please provide opensc-debug.log for TCOS2 for the failing transaction with > 0.12.0. If possible, also the successful log with 0.11.X might help. The logs are http://www.uni-giessen.de/~g013/opensc/report-bug.txt http://www.uni-giessen.d

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-03 Thread Jan Just Keijser
Hi Martin, just to confirm: I managed to build opensc 0.12.0 on my Fedora 13 box (with openssl 1.0.0a); my scripts to generate short-lived certificates from a key found on a hardware device (Aladdin eToken PRO 32K and Feitian ePass) both work as expected. Have a good weekend, JJK / Jan Just

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-02 Thread Andre Zepezauer
On Thu, 2010-09-02 at 12:21 +0200, Johannes Becker wrote: > Hello, > > unfortunately I have to repeat my message about the TCOS2 card: > > > When using opensc-0.12.0-svn-r4647 with our Uni Giessen Card (TCOS 2), > firefox presents the certificate to use without asking the PIN. I'm not absolutel

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-02 Thread Martin Paljak
Hello, On Sep 2, 2010, at 1:21 PM, Johannes Becker wrote: > When using opensc-0.12.0-svn-r4647 with our Uni Giessen Card (TCOS 2), > firefox presents the certificate to use without asking the PIN. > Subsequently the web page called can't be displayed. > > On the other hand CardOS 4.3 works with t

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-09-02 Thread Johannes Becker
Hello, unfortunately I have to repeat my message about the TCOS2 card: When using opensc-0.12.0-svn-r4647 with our Uni Giessen Card (TCOS 2), firefox presents the certificate to use without asking the PIN. Subsequently the web page called can't be displayed. On the other hand CardOS 4.3 works w

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-08-27 Thread Douglas E. Engert
On 8/26/2010 5:43 AM, Martin Paljak wrote: > Hello, > On Aug 25, 2010, at 10:50 PM, Douglas E. Engert wrote: >> The only change I make for Solaris was to the libtool, >> to add some additional options when creating a module, >> i.e. -B direct -z defs >> >> For the version you are running using: >>

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-08-26 Thread Martin Paljak
Hello, On Aug 25, 2010, at 10:50 PM, Douglas E. Engert wrote: > The only change I make for Solaris was to the libtool, > to add some additional options when creating a module, > i.e. -B direct -z defs > > For the version you are running using: > > cat libtool.diff.1.5.26 > --- libtool~Wed Aug 2

Re: [opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-08-25 Thread Douglas E. Engert
On 8/25/2010 10:12 AM, Martin Paljak wrote: > Hello, > > I created prereleases [1] of OpenSC 0.12.0, > Please: > - test the source package on different Unix platforms and report success > and failure. On Solaris 10 sparc using /usr/sfw/bin/gcc, works with pcsc-lite, MIT Kerberos-1.8.2 with PKI

[opensc-devel] Call for testing of the upcoming 0.12.0 release

2010-08-25 Thread Martin Paljak
Hello, I created prereleases [1] of OpenSC 0.12.0, which actually means integrating Windows and Mac OS X installer generation scripts into OpenSC SVN (and thus also to github SVN mirrors [2]) and documenting and testing how to generate binary installers from source code checkouts on OS X and Ub