Gemalto Authentication Client PKCS#11 module (version 10.7.77) tainted #304

Closed
ulrivogl opened this issue Apr 5, 2021 · 2 comments

ulrivogl commented Apr 5, 2021

I was using the Gemalto SafeNet eToken 5110 for my StrongSwan RoadWarrior authentication against my IPSEC Gateway (BinTEC RS123W). It works fine with Gemalto PKCS#11 module "libeToken.so.9.0.43" coming with SafeNet Authentication Client 9.0.43.
But now, using SafeNet Authentication Client 10.7.77, the module produces a "MECHANISM_INVALID" error, denying any approach to connect.

Here is the swanctl.conf:

```
connections {
    {
        unique=replace
        aggressive=no
        version=2
        send_cert=always
        proposals=aes256-sha256-modp2048
        rekey_time=230m
        over_time=10m
        keyingtries=3
        vips=192.168.221.1
        remote_addrs=
        pools=remote_pool
        local {
            auth=pubkey
            cert {
                slot=0
                handle=<ID taken out of pkcs11-tool --module /usr/lib64/libeToken.so.10.7.77 -O >
            }
        }
        remote {
            auth=pubkey
            id="CN="
            cacerts=<pathToMyCAcert.pem>
        }
        children {
            vp202_sa1 {
                start_action=start
                close_action=start
                mode=tunnel
                updown=
                mark_in=42
                mark_out=42
                esp_proposals=aes256-sha256-modp2048
                life_time=120m
                rekey_time=108m
                local_ts=192.168.221.1/32
                remote_ts=192.168.202.0/24
                dpd_action=restart
            }
        }
    }
}

pools {
    remote_pool {
        addrs=192.168.202.0/24
    }
}

secrets {
    token {
        slot=0
        handle=<ID taken out of pkcs11-tool --module /usr/lib64/libeToken.so.10.7.77 -O >
        pin=<myTokenPassword>
    }
}
```

@tobiasbrunner
Member

What operation triggers this error? And if you only changed that library, maybe try contacting the manufacturer.

@tobiasbrunner
Member

Closing this as no further information was provided.

@tobiasbrunner tobiasbrunner closed this as not planned Won't fix, can't repro, duplicate, stale May 26, 2023
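
One way to narrow down a "MECHANISM_INVALID" report like the one above is to compare the mechanism lists the two module versions advertise (`pkcs11-tool -M`). The script below is an added example, not part of the thread or of strongSwan; the function names and the sample listings are constructed for illustration and are not output from either SafeNet module.

```shell
#!/bin/sh
# Added example, not from the issue thread. Real listings would come from
#   pkcs11-tool --module /usr/lib64/libeToken.so.10.7.77 -M > new.txt
# and the same command against the 9.0.43 module (its path is an assumption).

# Reduce `pkcs11-tool -M` output to one mechanism name per line.
mech_names() {
    awk '/^[ \t]+[^ \t]/ { sub(/^[ \t]+/, ""); sub(/[ ,].*/, ""); print }' |
        LC_ALL=C sort -u
}

# Print mechanisms present in listing $1 but absent from listing $2.
missing_mechs() {
    old=$(mktemp); new=$(mktemp)
    mech_names <"$1" >"$old"
    mech_names <"$2" >"$new"
    LC_ALL=C comm -23 "$old" "$new"
    rm -f "$old" "$new"
}

# Constructed sample listings (NOT output of either SafeNet module).
sample_old() {
cat <<'EOF'
Using slot 0 with a present token (0x0)
Supported mechanisms:
  RSA-PKCS, keySize={1024,4096}, hw, decrypt, sign, verify
  SHA1-RSA-PKCS, keySize={1024,4096}, hw, sign, verify
  SHA256-RSA-PKCS, keySize={1024,4096}, hw, sign, verify
  RSA-PKCS-PSS, keySize={1024,4096}, hw, sign, verify
EOF
}
sample_new() {
cat <<'EOF'
Using slot 0 with a present token (0x0)
Supported mechanisms:
  RSA-PKCS, keySize={2048,4096}, hw, decrypt, sign, verify
  SHA256-RSA-PKCS, keySize={2048,4096}, hw, sign, verify
  RSA-PKCS-PSS, keySize={2048,4096}, hw, sign, verify
EOF
}

# Run the comparison on the two constructed listings.
demo_missing() {
    a=$(mktemp); b=$(mktemp)
    sample_old >"$a"; sample_new >"$b"
    missing_mechs "$a" "$b"
    rm -f "$a" "$b"
}

demo_missing   # prints the mechanisms only the first listing offers
```

An empty result means both modules advertise the same mechanisms, in which case the operation that fails has to be identified from the client's own log instead.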