[pkg-opensc-maint] Bug#979726: Bug#979726: opensc-pkcs11 0.21.0 breaks my vpn setup. Downgrading to 0.20.0 fixes the problem.

Eric Dorland eric at debian.org
Mon Jan 11 03:28:43 GMT 2021 

forwarded -1 https://github.com/OpenSC/OpenSC/issues/2199
thanks

* Eric Valette (eric.valette at free.fr) wrote:
> Package: opensc-pkcs11
> Version: 0.21.0-1
> Severity: normal
> Tags: upstream
> 
> My entreprose vpn setup use a PKI token that when 0.21.0-1 is mo more usable.
> I looked at the pcks11 options used to start openvpn in the systemd service file
> 
> If I use opensc 0.21.0, the PKI led blinks and is accessed but no pkcs11-id are displayed :
> 
> openvpn --pkcs11-providers p11-kit-proxy.so --show-pkcs11-ids
> 
> The following objects are available for use.
> Each object shown below may be used as parameter to
> --pkcs11-id option please remember to use single quote mark.
> 
> Downgrading to opensc 0.20.0 I get (stuff removed for confidentiality reasons)
> 
> openvpn --pkcs11-providers p11-kit-proxy.so --show-pkcs11-ids
> 
> The following objects are available for use.
> Each object shown below may be used as parameter to
> --pkcs11-id option please remember to use single quote mark.
> 
> Certificate
> DN: xxxxxxxxxxxxxxxxxxx
> Serial: xxxxxxxxxxxxxxxxxxx
> Serialized id: xxxxxxxxxxxxxxxxxxx
> 
> Certificate
> DN: xxxxxxxxxxxxxxxxxxx
> Serial: xxxxxxxxxxxxxxxxxxx
> Serialized id: xxxxxxxxxxxxxxxxxxx
> 
> Certificate
> DN: xxxxxxxxxxxxxxxxxxx
> Serial: xxxxxxxxxxxxxxxxxxx
> Serialized id: xxxxxxxxxxxxxxxxxxx
> 
> Certificate
> DN: xxxxxxxxxxxxxxxxxxx
> Serial: xxxxxxxxxxxxxxxxxxx
> Serialized id: xxxxxxxxxxxxxxxxxxx
> 
> p11-kit list-modules
> p11-kit-trust: p11-kit-trust.so
> library-description: PKCS#11 Kit Trust Module
> library-manufacturer: PKCS#11 Kit
> library-version: 0.23
> token: System Trust
> manufacturer: PKCS#11 Kit
> model: p11-kit-trust
> serial-number: 1
> hardware-version: 0.23
> flags:
> write-protected
> token-initialized
> opensc-pkcs11: opensc-pkcs11.so
> library-description: OpenSC smartcard framework
> library-manufacturer: OpenSC Project
> library-version: 0.21
> orange-dongle-aladdin: /usr/lib/libeToken.so
> library-description: SafeNet eToken PKCS#11
> library-manufacturer: SafeNet, Inc.
> library-version: 10.7
> 
> With the 0.20.0 modules
> 
> pkcs11-tool --module p11-kit-proxy.so -O
> Using slot 1 with a present token (0x12)
> 
> With 0.21.0 modules
> 
> pkcs11-tool --module p11-kit-proxy.so -O
> error: PKCS11 function C_GetSlotInfo failed: rv = CKR_FUNCTION_NOT_SUPPORTED (0x54)
> 
> Abortin
> 
> Many colleage have been hit by the bug. I opened it upstream at 
> https://github.com/OpenSC/OpenSC/issues/2199
> 
> 
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers unstable
>   APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 5.10.6 (SMP w/8 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
> Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /usr/bin/bash
> Init: systemd (via /run/systemd/system)
> 
> Versions of packages opensc-pkcs11 depends on:
> ii  libc6         2.31-9
> ii  libglib2.0-0  2.67.1-1
> ii  libssl1.1     1.1.1i-1
> ii  zlib1g        1:1.2.11.dfsg-2
> 
> opensc-pkcs11 recommends no packages.
> 
> opensc-pkcs11 suggests no packages.
> 
> -- no debconf information
> 
> _______________________________________________
> pkg-opensc-maint mailing list
> pkg-opensc-maint at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-opensc-maint

-- 
Eric Dorland <eric at kuroneko.ca>
43CF 1228 F726 FD5B 474C  E962 C256 FBD5 0022 1E93

More information about the pkg-opensc-maint mailing list