It's really trying to open the pkcs11 URI as a file... :/ newfstatat(AT_FDCWD, "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=148c784165ed428b;token=test- token;id=%96%7F%20%F2%98%18%D7%15%3D%AF%87%AB%EC%09%25%C5%14%51%2E%E1;object=test- key;type=private;pin-value=1234", 0x7ffca135a450, 0) = -1 ENOENT (No such file or directory)
I think something in my setup broke, because it's also failing with the pkcs11 module which worked before(tm). UPDATE: hm, having only one pkcs11 provider loaded at once seems better. It kind of worked when I commented out (removed) pkcs11sign from ssl.cnf. I still get a core dump, but the request file is generated: # openssl req -provider pkcs11 -new -key "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=148c784165ed428b;token=test-token;id=%96%7F%20%F2%98%18%D7%15%3D%AF%87%AB%EC%09%25%C5%14%51%2E%E1;object=test-key;type=private;pin-value=1234" -out test-key.req -text -x509 -subj "/CN=n-hsm.lxd" Segmentation fault (core dumped) # l test-key.req -rw-r--r-- 1 root root 4.3K Mar 6 20:18 test-key.req Still, with just pkcs11sign, and no pkcs11, it still didn't work. UPDATE2: the stat on the pkcs11 URI as a file also happens with the pkcs11 provider, so it's probably unrelated (like an attempt: is it a file? No? Ok, is it something else? And so on) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2050017 Title: [FFe] [24.04 FEAT] [SEC2339] HSM protected signing support for Apache httpd for openSSL 3.0 with PKCS #11 provider To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/2050017/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs