Re: [Opensc-devel] Issues connecting to OpenVPN with Smartcard

[Chris J A. <chr...@gm...>]

On 02/17/2013 09:42 AM, Ludovic Rousseau wrote:
> 2013/2/13 Chris J Arges <chr...@gm...>:
>> On 02/13/2013 10:15 AM, Alon Bar-Lev wrote:
>>> Can you please attach the opensc debug log as well?
>>>
>>
>> Attached is a log from a different run, but the results were the same. I
>> can recollect all logs if necessary.
> 
> The PKCS#11 functions from OpenSC all returned CKR_OK. In particular
> C_Sign() also returned CKR_OK.
> So at the OpenSC level everything looks fine.
> 
> I have no idea what is wrong.
> 
> Bye

Ok I've found a workaround that allows me to connect and it is related
to OpenSC.

It seems that _WIN32 is being defined (on a Linux system) when I build
OpenSC from the latest git source. And this was causing an issue in
C_Initialize that made it immediately C_Finalize. I used the following
patch to hack around this, and now OpenVPN connects using a smartcard
via OpenSC.

diff --git a/src/pkcs11/pkcs11-global.c b/src/pkcs11/pkcs11-global.c
index 5652975..bbf897b 100644
--- a/src/pkcs11/pkcs11-global.c
+++ b/src/pkcs11/pkcs11-global.c
@@ -199,6 +199,7 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs)
        sc_context_param_t ctx_opts;

        /* Handle fork() exception */
+#if 0
 #if !defined(_WIN32)
        if (current_pid != initialized_pid) {
                C_Finalize(NULL_PTR);
@@ -206,6 +207,7 @@ CK_RV C_Initialize(CK_VOID_PTR pInitArgs)
        initialized_pid = current_pid;
        in_finalize = 0;
 #endif
+#endif

        if (context != NULL) {
                sc_log(context, "C_Initialize(): Cryptoki already
initialized\n");

However, it seems the larger problem would be disabling _WIN32 from
being defined on Linux systems. I'm not sure if this is a function of
autotool versions or what.

Thanks,
--chris j arges