Package: opensc-pkcs11 Version: 0.21.0-1 Severity: normal Tags: upstream My entreprose vpn setup use a PKI token that when 0.21.0-1 is mo more usable. I looked at the pcks11 options used to start openvpn in the systemd service file
If I use opensc 0.21.0, the PKI led blinks and is accessed but no pkcs11-id are displayed : openvpn --pkcs11-providers p11-kit-proxy.so --show-pkcs11-ids The following objects are available for use. Each object shown below may be used as parameter to --pkcs11-id option please remember to use single quote mark. Downgrading to opensc 0.20.0 I get (stuff removed for confidentiality reasons) openvpn --pkcs11-providers p11-kit-proxy.so --show-pkcs11-ids The following objects are available for use. Each object shown below may be used as parameter to --pkcs11-id option please remember to use single quote mark. Certificate DN: xxxxxxxxxxxxxxxxxxx Serial: xxxxxxxxxxxxxxxxxxx Serialized id: xxxxxxxxxxxxxxxxxxx Certificate DN: xxxxxxxxxxxxxxxxxxx Serial: xxxxxxxxxxxxxxxxxxx Serialized id: xxxxxxxxxxxxxxxxxxx Certificate DN: xxxxxxxxxxxxxxxxxxx Serial: xxxxxxxxxxxxxxxxxxx Serialized id: xxxxxxxxxxxxxxxxxxx Certificate DN: xxxxxxxxxxxxxxxxxxx Serial: xxxxxxxxxxxxxxxxxxx Serialized id: xxxxxxxxxxxxxxxxxxx p11-kit list-modules p11-kit-trust: p11-kit-trust.so library-description: PKCS#11 Kit Trust Module library-manufacturer: PKCS#11 Kit library-version: 0.23 token: System Trust manufacturer: PKCS#11 Kit model: p11-kit-trust serial-number: 1 hardware-version: 0.23 flags: write-protected token-initialized opensc-pkcs11: opensc-pkcs11.so library-description: OpenSC smartcard framework library-manufacturer: OpenSC Project library-version: 0.21 orange-dongle-aladdin: /usr/lib/libeToken.so library-description: SafeNet eToken PKCS#11 library-manufacturer: SafeNet, Inc. library-version: 10.7 With the 0.20.0 modules pkcs11-tool --module p11-kit-proxy.so -O Using slot 1 with a present token (0x12) With 0.21.0 modules pkcs11-tool --module p11-kit-proxy.so -O error: PKCS11 function C_GetSlotInfo failed: rv = CKR_FUNCTION_NOT_SUPPORTED (0x54) Abortin Many colleage have been hit by the bug. I opened it upstream at https://github.com/OpenSC/OpenSC/issues/2199 -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.10.6 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/bash Init: systemd (via /run/systemd/system) Versions of packages opensc-pkcs11 depends on: ii libc6 2.31-9 ii libglib2.0-0 2.67.1-1 ii libssl1.1 1.1.1i-1 ii zlib1g 1:1.2.11.dfsg-2 opensc-pkcs11 recommends no packages. opensc-pkcs11 suggests no packages. -- no debconf information
