[pkg-opensc-maint] Bug#979726: opensc-pkcs11 0.21.0 breaks my vpn setup. Downgrading to 0.20.0 fixes the problem.
Eric Valette
eric.valette at free.fr
Sun Jan 10 19:56:19 GMT 2021
Package: opensc-pkcs11
Version: 0.21.0-1
Severity: normal
Tags: upstream
My entreprose vpn setup use a PKI token that when 0.21.0-1 is mo more usable.
I looked at the pcks11 options used to start openvpn in the systemd service file
If I use opensc 0.21.0, the PKI led blinks and is accessed but no pkcs11-id are displayed :
openvpn --pkcs11-providers p11-kit-proxy.so --show-pkcs11-ids
The following objects are available for use.
Each object shown below may be used as parameter to
--pkcs11-id option please remember to use single quote mark.
Downgrading to opensc 0.20.0 I get (stuff removed for confidentiality reasons)
openvpn --pkcs11-providers p11-kit-proxy.so --show-pkcs11-ids
The following objects are available for use.
Each object shown below may be used as parameter to
--pkcs11-id option please remember to use single quote mark.
Certificate
DN: xxxxxxxxxxxxxxxxxxx
Serial: xxxxxxxxxxxxxxxxxxx
Serialized id: xxxxxxxxxxxxxxxxxxx
Certificate
DN: xxxxxxxxxxxxxxxxxxx
Serial: xxxxxxxxxxxxxxxxxxx
Serialized id: xxxxxxxxxxxxxxxxxxx
Certificate
DN: xxxxxxxxxxxxxxxxxxx
Serial: xxxxxxxxxxxxxxxxxxx
Serialized id: xxxxxxxxxxxxxxxxxxx
Certificate
DN: xxxxxxxxxxxxxxxxxxx
Serial: xxxxxxxxxxxxxxxxxxx
Serialized id: xxxxxxxxxxxxxxxxxxx
p11-kit list-modules
p11-kit-trust: p11-kit-trust.so
library-description: PKCS#11 Kit Trust Module
library-manufacturer: PKCS#11 Kit
library-version: 0.23
token: System Trust
manufacturer: PKCS#11 Kit
model: p11-kit-trust
serial-number: 1
hardware-version: 0.23
flags:
write-protected
token-initialized
opensc-pkcs11: opensc-pkcs11.so
library-description: OpenSC smartcard framework
library-manufacturer: OpenSC Project
library-version: 0.21
orange-dongle-aladdin: /usr/lib/libeToken.so
library-description: SafeNet eToken PKCS#11
library-manufacturer: SafeNet, Inc.
library-version: 10.7
With the 0.20.0 modules
pkcs11-tool --module p11-kit-proxy.so -O
Using slot 1 with a present token (0x12)
With 0.21.0 modules
pkcs11-tool --module p11-kit-proxy.so -O
error: PKCS11 function C_GetSlotInfo failed: rv = CKR_FUNCTION_NOT_SUPPORTED (0x54)
Abortin
Many colleage have been hit by the bug. I opened it upstream at
https://github.com/OpenSC/OpenSC/issues/2199
-- System Information:
Debian Release: bullseye/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.6 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages opensc-pkcs11 depends on:
ii libc6 2.31-9
ii libglib2.0-0 2.67.1-1
ii libssl1.1 1.1.1i-1
ii zlib1g 1:1.2.11.dfsg-2
opensc-pkcs11 recommends no packages.
opensc-pkcs11 suggests no packages.
-- no debconf information
More information about the pkg-opensc-maint
mailing list