All right. I have this deja vu feeling about this, because I recall
identifying this problem a few years ago, and very little has happened
with opensc-signer in all this time.
I'd be willing to work on the signer, so that use of, say, setec setweb
will no longer be required for performing digital signatures in the browser.
The anatomy of the problem is this. If you go to https://vrk.fineid.fi/
and log on, the system asks for the pins for both of your keys (what
does it ask the pin for the nonrepudiation key for?), and provides my
certificate to the remote host, where the server analyses it, etc. Now,
if I try to test the signature, the browser freezes.
This freeze occurs in response to signer component's attempt to call the
sc_connect_card() function, which apparently means that it attempts
reset and reinitialise the smartcard, but the smartcard is already
accessed by the pkcs11 module. My guess is, it gets into line and waits
for the pkcs11 module to stop using the smartcard, which will never
happen. The browser stops until I terminate this function call by
pulling the card out.
A good simulation of this appears to be, something like running
pkcs11-tool -t in two terminals. The latter process gets into queue and
waits until the user has done with the former pkcs11. Now, I'm not
arguing that this case should be made to work. But we have these modules
in the same process. Is it not possible to make them cooperate? Please
outline how I should go about to make them cooperate with each other.
Isn't there something like sc_connect_cached_card(), which looks up
existing connections and reuses one if such already exists in the
context of the process.
--
Antti
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
