Gemalto Authentication Client PKCS#11 module ( version 10.7.77) tainted

[ulrivogl]

I was using the Gemalto SafeNet eToken 5110 for my StrongSwan RoadWarrior authentication against my IPSEC Gateway (BinTEC RS123W). It works fine with Gemalto PKCS#11 module "libeToken.so.9.0.43" coming with SafeNet Authentication Client 9.0.43.
But now, using SafeNet SafeNet Authentication Client 10.7.77, the module produces a "MECHANISM_INVALID" error, denying any approach to connect.

Here the swanctl.conf
connections {
{
unique=replace
aggressive=no
version=2
send_cert=always
proposals=aes256-sha256-modp2048
rekey_time=230m
over_time=10m
keyingtries=3
vips=192.168.221.1
remote_addrs=
pools=remote_pool
local {
auth=pubkey
cert {
slot=0
handle=<ID taken out of pkcs11-ttol --module /usr/lib64/libeToken.so.10.7.77 -O >
}
}
remote {
auth=pubkey
id="CN="
cacerts=<pathToMyCAcert.pem>
}
children {
vp202_sa1 {
start_action=start
close_action=start
mode=tunnel
updown=
mark_in=42
mark_out=42
esp_proposals=aes256-sha256-modp2048
life_time=120m
rekey_time=108m
local_ts=192.168.221.1/32
remote_ts=192.168.202.0/24
dpd_action=restart
}
}
}
}

    pools {
            remote_pool {
                    addrs=192.168.202.0/24
            }

    }

    secrets {
            token {
                    slot=0
                    handle=<ID taken out of pkcs11-ttol --module /usr/lib64/libeToken.so.10.7.77 -O >
                    pin=<myTokenPassword>
            }
    }

[tobiasbrunner]

What operation triggers this error? And if you only changed that library, maybe try contacting the manufacturer.

[tobiasbrunner]

Closing this as no further information was provided.