OpenSSL handshake failure when using hardware module #1547
Comments
Comparing the attached files, there is already a difference in the response from the card on the first APDU:
while the "working" returns
#1549 tries this first and, if it fails, tries SELECT PIV AID, then tries the Discovery object again. If it cannot read the Discovery object with the PIV AID in it, it will set If you have #1549 (which was rebased yesterday) you can run
The https://github.com/OpenSC/OpenSC/files/2641667/opensc_debug_handshake_failure.txt should be doing a C_Sign operation next. It may not have written out the buffers yet. Try using OPENSC SPY to see PKCS#11 traffic. Try running under a debugger like gdb or connecting gdb to the hung process to see where it is hung. Try getting a dump of the process. Try using a network trace like Wireshark to see if the process ever connects to the server or hangs waiting for the server. What do you mean by "openssl API to connect to a test server"? Maybe the problem is in how this is used. If you suspect a missing module, use ldd to look at module library requirements. Make sure you are using the same version of OpenSSL for all modules. Using LD_LIBRARY_PATH= might help based on the above two tests.
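The "same version of OpenSSL for all modules" check from the comment above, as an added example that is not part of the original thread: it scans `ldd` output for every module in the chain and fails when they do not all resolve the same `libcrypto`. The module paths and the `ldd` output are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The ldd output below is constructed for illustration; the
# module paths are hypothetical and not taken from the issue's logs.
LDD_CONSISTENT='/opt/app/tls_client:
    libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00007f1000000000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f1000400000)
/usr/lib/engines/pkcs11.so:
    libp11.so.3 => /usr/lib/libp11.so.3 (0x00007f2000000000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f2000400000)'

LDD_MIXED='/opt/app/tls_client:
    libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00007f1000000000)
    libcrypto.so.1.0.0 => /usr/local/ssl/lib/libcrypto.so.1.0.0 (0x00007f1000400000)
/usr/lib/engines/pkcs11.so:
    libp11.so.3 => /usr/lib/libp11.so.3 (0x00007f2000000000)
    libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f2000400000)'

# Read ldd output on stdin; print each distinct "soname path" pair for
# libssl/libcrypto ("not-found" when the loader could not resolve it).
openssl_deps() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
             print $1, ($3 == "not" ? "not-found" : $3)
         }' | sort -u
}

# Exit 0 only if all modules share exactly one libcrypto (and at most one
# libssl) and nothing is unresolved; exit 1 otherwise.
openssl_consistent() {
    openssl_deps | awk '
        $2 == "not-found"     { bad = 1 }
        $1 ~ /^libcrypto\.so/ { crypto[$2] = 1 }
        $1 ~ /^libssl\.so/    { ssl[$2] = 1 }
        END {
            nc = 0; for (p in crypto) nc++
            ns = 0; for (p in ssl) ns++
            exit (bad || nc != 1 || ns > 1)
        }'
}

# Demo over the two constructed samples.
for sample in "$LDD_CONSISTENT" "$LDD_MIXED"; do
    if printf '%s\n' "$sample" | openssl_consistent; then
        echo "consistent"
    else
        echo "MISMATCH:"; printf '%s\n' "$sample" | openssl_deps
    fi
done
```

On a real host, pipe the `ldd` output of the application, the libp11 engine and the OpenSC PKCS#11 module into `openssl_consistent`, once with and once without `LD_LIBRARY_PATH` set.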
Any other processes running that might try and access the card? And a pcscd -d log might help if you think the problem is with OpenSC.
Closing this issue due to inactivity. Please re-open the ticket if more input is available.
Hello guys,
This is most likely not an issue with OpenSC, but some direction will be highly appreciated. Currently, I'm connecting to a PIVKEY hardware module, then getting pointers to the certificate and keys. Afterwards I use the openssl API to connect to a test server (pivkey.com/test/). I have two different versions of Linux on which I'm running this program; to my surprise, it works on one of them and not on the other. I double-checked that both versions are using OpenSC 0.19.0, OpenSSL 1.0.2o, libp11 0.4.9. Am I missing some other module? Attached are the different logs, where one of them connects successfully and the other one doesn't.
Thanks for your help!
P.S.: the config files for openssl and opensc are the same too.
opensc_debug_handshake_failure.txt
opensc_debug_working.txt