Public bug reported:

Ubuntu 22.04 LTS

When using an openvpn configuration which uses a smartcard based
authentication via "pkcs11-id" and "pkcs11-providers" the connection
fails:

2022-04-29 14:07:18 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
2022-04-29 14:07:18 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-04-29 14:07:18 PKCS#11: Adding PKCS#11 provider '/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'
2022-04-29 14:07:19 TCP/UDP: Preserving recently used remote address: [AF_INET6]XXXXXXXXXXXXX:1194
2022-04-29 14:07:19 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-04-29 14:07:19 UDP link local: (not bound)
2022-04-29 14:07:19 UDP link remote: [AF_INET6]XXXXXXXXXXXXX:1194
2022-04-29 14:07:19 TLS: Initial packet from [AF_INET6]XXXXXXXXXXXXX:1194, sid=xxxxx xxxx
2022-04-29 14:07:19 VERIFY OK: depth=1, CN=xxxxxxxxxxxx
2022-04-29 14:07:19 VERIFY KU OK
2022-04-29 14:07:19 Validating certificate extended key usage
2022-04-29 14:07:19 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-04-29 14:07:19 VERIFY EKU OK
2022-04-29 14:07:19 VERIFY OK: depth=0, CN=xxxxxxxxxxxxx
2022-04-29 14:07:19 OpenSSL: error:020000B3:rsa routines::missing private key
2022-04-29 14:07:19 OpenSSL: error:1C880004:Provider routines::RSA lib
2022-04-29 14:07:19 OpenSSL: error:0A080006:SSL routines::EVP lib
2022-04-29 14:07:19 TLS_ERROR: BIO read tls_read_plaintext error
2022-04-29 14:07:19 TLS Error: TLS object -> incoming plaintext read error
2022-04-29 14:07:19 TLS Error: TLS handshake failed
2022-04-29 14:07:19 SIGUSR1[soft,tls-error] received, process restarting
2022-04-29 14:07:19 Restart pause, 5 second(s)


The same problem has been reported upstream at 
https://github.com/OpenSC/pkcs11-helper/issues/52 which resulted in a fix.

I've downloaded and built pkcs11-helper version 1.29.0 and it fixed the
problem indeed.


TLDR: please update pkcs11-helper

** Affects: pkcs11-helper (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: upgrade-software-version

** Package changed: file (Ubuntu) => pkcs11-helper (Ubuntu)

https://bugs.launchpad.net/bugs/1970943

Title:
  OpenVPN connection fails with smartcard provided private key; please
  update pkcs11-helper

Status in pkcs11-helper package in Ubuntu:
  New
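
A triage helper for the failure signature in this report, added here as an example and not taken from the report, OpenVPN or pkcs11-helper: it rejoins mail-wrapped log records, checks for the OpenSSL 3 plus PKCS#11 provider plus "missing private key" sequence, and compares a package version against 1.29.0. The sample log is constructed from the lines above; the function names, and treating 1.29.0 (the version the reporter built) as the threshold, are assumptions.

```python
import re

# Constructed sample modelled on the report's log; the provider record is
# split across two lines the way the mail wrapped it.
SAMPLE_LOG = """\
2022-04-29 14:07:18 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2022-04-29 14:07:18 PKCS#11: Adding PKCS#11 provider
'/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'
2022-04-29 14:07:19 VERIFY OK: depth=0, CN=vpn.example
2022-04-29 14:07:19 OpenSSL: error:020000B3:rsa routines::missing private key
2022-04-29 14:07:19 TLS Error: TLS handshake failed
"""

TIMESTAMP = re.compile(r"^\s*\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
OPENSSL = re.compile(r"library versions: OpenSSL (\d+)\.")
PROVIDER = re.compile(r"PKCS#11: Adding PKCS#11 provider '([^']+)'")
MISSING_KEY = re.compile(r"OpenSSL: error:[0-9A-Fa-f]+:rsa routines::missing private key")

def unwrap(log_text):
    """Rejoin continuation lines (no leading timestamp) onto the previous record."""
    records = []
    for line in log_text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(log_text):
    """Report whether a log shows the PKCS#11 'missing private key' failure."""
    major, provider, missing_key, failed = None, None, False, False
    for rec in unwrap(log_text):
        if m := OPENSSL.search(rec):
            major = int(m.group(1))
        if m := PROVIDER.search(rec):
            provider = m.group(1)
        # Count the key error only after a PKCS#11 provider was loaded.
        if provider and MISSING_KEY.search(rec):
            missing_key = True
        if missing_key and "TLS Error: TLS handshake failed" in rec:
            failed = True
    return {"openssl_major": major, "provider": provider,
            "matches_report": bool((major or 0) >= 3 and missing_key and failed)}

def helper_predates_fix(pkg_version, fixed=(1, 29, 0)):
    """True if the upstream part of a package version string is older than `fixed`."""
    upstream = pkg_version.split(":")[-1].split("-")[0]  # drop epoch and revision
    parts = [int(p) for p in re.findall(r"\d+", upstream)][:3]
    return tuple(parts + [0] * (3 - len(parts))) < fixed
```
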
