On 26.04.2006, at 23:35, Mika Sorsa wrote:
I checked out the opensc svn sources and made a small fix to the
src/libopensc/reader-pcsc.c for myself:

+++ my/src/libopensc/reader-pcsc.c 2006-04-26 19:40:26.000000000 +0300
@@ -911,6 +911,9 @@

        /* Copy data if not Case 1 */
        if (data->pin1.length_offset != 4) {
+         /* FIX:[2006-04-26/ms] Lc was not set -> invalid apdu! */
+           pin_verify->abData[offset++] = apdu->datalen;
+         /* FIX: end */
memcpy(&pin_verify->abData[offset], apdu->data,apdu- >datalen);
                offset += apdu->datalen;
        }
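Review bot: the added `pin_verify->abData[offset++] = apdu->datalen;` stores the length into a single `abData` element with no check that `apdu->datalen` fits in one Lc byte (255 at most for a short APDU). Nothing in the hunk checks that `offset + apdu->datalen` stays inside `abData` before the `memcpy` either, and the copy now starts one byte later. Reject the request before writing Lc if the length exceeds 255 or the remaining buffer space. Also confirm that no caller already passes `apdu->data` with Lc at the front, the concern raised in the reply, since the byte would then be sent twice. The dated `FIX:` markers belong in the commit message; a one-line comment saying that Lc precedes the data is enough in the source.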

With this change the pinpad verification works (for both pin1 and pin2). I have tested this with the src/tests/pintest and some other tools, also in the firefox browser.

What card are you using? I *think* the apdu data sent to reader-pcsc.c should already contain the Lc byte. Don't have a reader with me to test it currently. So the problem might be where the apdu is constructed not in the pcsc code.


In firefox, however, the pkcs#11 module or something keeps asking the pin2 code several times although the authentication key needs only pin1. I try to figure that out later.

This is a known issue. You can bug mozilla NSS developers that starting from NSS 3.10 NSS selects a nonrep key/cert for SSL client authentication even when the cert usage does not indicate it and when you have another certificate that *is* for SSL client usage.
(this has been on my todo list for quite some time...)

--
Martin Paljak / [EMAIL PROTECTED]
martin.paljak.pri.ee / ideelabor.ee
+372 515 64 95


_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
