From: David W. <dw...@in...> - 2015-04-30 22:10:31
|
I'm fixing pkcs11-helper to support RFC7512 URIs, but I'm having difficulty testing it even before I make any changes. I'm using a Yubikey NEO. I'm getting this failure when testing with OpenVPN (which uses pkcs11-helper): Enter PIV_II (PIV Card Holder pin) token Password: 27: C_Login 2015-04-30 22:23:36.592 [in] hSession = 0x143ffb0 [in] userType = CKU_USER [in] pPin[ulPinLen] 00007ffcd447d0e0 / 4 00000000 66 69 73 68 fish 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs11-session.c:259:C_Login: C_Login(0x143ffb0, 1) 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs11-session.c:279:C_Login: C_Login() slot->login_user 4294967295 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs11-session.c:288:C_Login: C_Login() userType 1 0x7fa848020800 22:23:36.592 [opensc-pkcs11] framework-pkcs15.c:1414:pkcs15_login: pkcs15-login: userType 0x1, PIN length 4 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs15-pin.c:293:sc_pkcs15_verify_pin: called 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs15-pin.c:294:sc_pkcs15_verify_pin: PIN(type:0;method:1;len:) 0x7fa848020800 22:23:36.592 [opensc-pkcs11] card.c:325:sc_lock: called 0x7fa848020800 22:23:36.592 [opensc-pkcs11] reader-pcsc.c:517:pcsc_lock: called 0x7fa848020800 22:23:36.592 [opensc-pkcs11] reader-pcsc.c:544:pcsc_lock: Yubico Yubikey NEO OTP+CCID 00 00:SCardBeginTransaction failed: 0x8010001d 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs15-pin.c:356:sc_pkcs15_verify_pin: sc_lock() failed: -1101 (No readers found) 0x7fa848020800 22:23:36.592 [opensc-pkcs11] framework-pkcs15.c:1528:pkcs15_login: PKCS15 verify PIN returned -1101 0x7fa848020800 22:23:36.592 [opensc-pkcs11] misc.c:61:sc_to_cryptoki_error_common: libopensc return value: -1101 (No readers found) 0x7fa848020800 22:23:36.592 [opensc-pkcs11] pkcs11-session.c:290:C_Login: fLogin() rv 5 Returned: 5 CKR_GENERAL_ERROR Thu Apr 30 22:23:36 2015 PKCS#11: Cannot perform signature 5:'CKR_GENERAL_ERROR' Thu Apr 30 22:23:36 2015 OpenSSL: error:14099004:SSL routines:SSL3_SEND_CLIENT_VERIFY:RSA lib Full output at http://david.woodhou.se/openvpn-failing.txt and pcsc-spy log at http://david.woodhou.se/pcsc-spy.txt -- dwmw2 |