Martin, I need your help here...
On Fri, Sep 30, 2011 at 8:18 PM, <busin...@reebs.org> wrote: > Here you go: > > C:\Program Files\OpenVPN\share\openvpn-win32\config>pkcs15-tool > --list-keys > Using reader with a card: O2Micro CCID SC Reader 0 > Private RSA Key [Private Key] > Object Flags : [0x3], private, modifiable > Usage : [0x4], sign > Access Flags : [0x1D], sensitive, alwaysSensitive, > neverExtract, local > ModLength : 2048 > Key ref : 0 (0x0) > Native : yes > Path : 3f0050154b0130450012 > Auth ID : 01 > ID : 45 > > > C:\Program Files\OpenVPN\share\openvpn-win32\config>pkcs15-tool > --list-certificates > Using reader with a card: O2Micro CCID SC Reader 0 > X.509 Certificate [Certificate] > Object Flags : [0x2], modifiable > Authority : no > Path : 3f0050154545 > ID : 45 > Encoded serial : 02 01 02 > > > C:\Program Files\OpenVPN\share\openvpn-win32\config> > > > On Fri, 30 Sep 2011 18:45:31 +0300, Alon Bar-Lev > <alon.bar...@gmail.com> wrote: >> --- >> 2011-09-30 12:05:15.330 [opensc-pkcs11] >> iso7816.c:103:iso7816_check_sw: Command incompatible with file >> structure >> 2011-09-30 12:05:15.330 [opensc-pkcs11] >> card-flex.c:1067:cryptoflex_compute_signature: Card returned error: >> -1200 (Card command failed) >> 2011-09-30 12:05:15.330 [opensc-pkcs11] sec.c:56:sc_compute_signature: >> returning with: -1200 (Card command failed) >> 2011-09-30 12:05:15.330 [opensc-pkcs11] card.c:330:sc_unlock: called >> 2011-09-30 12:05:15.330 [opensc-pkcs11] >> pkcs15-sec.c:380:sc_pkcs15_compute_signature: sc_compute_signature() >> failed: -1200 (Card command failed) >> 2011-09-30 12:05:15.330 [opensc-pkcs11] card.c:330:sc_unlock: called >> 2011-09-30 12:05:15.330 [opensc-pkcs11] reader-pcsc.c:548:pcsc_unlock: called >> 2011-09-30 12:05:15.330 [opensc-pkcs11] >> framework-pkcs15.c:2721:pkcs15_prkey_sign: Sign complete. Result >> -1200. >> 2011-09-30 12:05:15.330 [opensc-pkcs11] >> misc.c:59:sc_to_cryptoki_error_common: libopensc return value: -1200 >> (Card command failed) >> 2011-09-30 12:05:15.330 [opensc-pkcs11] pkcs11-object.c:635:C_Sign: >> C_Sign() = CKR_GENERAL_ERROR >> --- >> >> What I also need is dump of the card content. >> >> Paste the output of >> pkcs15-tool --list-keys >> pkcs15-tool --list-certificates >> >> On Fri, Sep 30, 2011 at 1:16 PM, <busin...@reebs.org> wrote: >>> Here is the log with verb 255 and the associated OpenVPN log verb 255. >>> >>> Rgrds >>> >>> On Thu, 29 Sep 2011 22:42:35 +0300, Alon Bar-Lev >>> <alon.bar...@gmail.com> wrote: >>>> It should be opensc.conf somewhere that is pointed by registry. >>>> See the installation script. >>>> >>>> On Thu, Sep 29, 2011 at 10:34 PM, <busin...@reebs.org> wrote: >>>>> Ok I will do this, however how would I enable this log using the Builds >>>>> you provided?! >>>>> >>>>> Strange is also that while the first attempt, it asks twice for the >>>>> PIN, for the second and following connection attempts (I aborded here >>>>> not to loose start of log because of buffer limitations) it asks only >>>>> once... >>>>> >>>>> On Thu, 29 Sep 2011 21:13:52 +0300, Alon Bar-Lev >>>>> <alon.bar...@gmail.com> wrote: >>>>>> This is strange. >>>>>> The signature just fails >>>>>> I need opensc logs. >>>>>> >>>>>> It returns CKR_GENERAL_ERROR when tries to sign. >>>>>> >>>>>> On Thu, Sep 29, 2011 at 12:25 PM, <busin...@reebs.org> wrote: >>>>>>> So finally I managed to get the log. For some reasons today it worked >>>>>>> from command line allthough it did not in GUI. Probably some delay >>>>>>> caused by management interface which is interferring with OpenVPN when >>>>>>> log ammount is high... >>>>>>> >>>>>>> Anyway here is the file _(had to paste it from command prompt), hope >>>>>>> that helps! >>>>>>> >>>>>>> On Thu, 29 Sep 2011 11:00:57 +0300, Alon Bar-Lev >>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>> Well, >>>>>>>> I need log to be able to help. >>>>>>>> If th ui canno handle this, try without ui. >>>>>>>> This UI uses the management interface in order to provide the >>>>>>>> passphrase at port 11196. >>>>>>>> You can telnet this port and see management-notes.txt of how to work >>>>>>>> with it. >>>>>>>> Or.. To open a bug within the ui so it be able to enable more logging. >>>>>>>> >>>>>>>> On Wed, Sep 28, 2011 at 7:01 PM, <busin...@reebs.org> wrote: >>>>>>>>> This does not work. >>>>>>>>> >>>>>>>>> If I set Verb above 7 I get following loop under Command Line and GUI: >>>>>>>>> >>>>>>>>> http://imageshack.us/photo/my-images/829/unbenanntrg.jpg/ >>>>>>>>> >>>>>>>>> until it fails. >>>>>>>>> >>>>>>>>> If I set "log filename.txt" in the configuration file and run from >>>>>>>>> CLI, >>>>>>>>> it will go up to the point where pin is required but then fail as it >>>>>>>>> cannot get pin from stdin (btw using win32 version on win Xp and card >>>>>>>>> is >>>>>>>>> former Cryptoflex from gemalto): >>>>>>>>> >>>>>>>>> >>>>>>>>> On Wed, 28 Sep 2011 18:30:14 +0300, Alon Bar-Lev >>>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>>> set verb 255 and log to a file. >>>>>>>>>> >>>>>>>>>> On Wed, Sep 28, 2011 at 5:10 PM, <busin...@reebs.org> wrote: >>>>>>>>>>> Yes now download works!!! >>>>>>>>>>> >>>>>>>>>>> However still not able to connect. >>>>>>>>>>> >>>>>>>>>>> I tried both command line and GUI. Same issue: >>>>>>>>>>> >>>>>>>>>>> 1- After it ask for PIN and I enter PIN it immediately asks for the >>>>>>>>>>> PIN >>>>>>>>>>> again >>>>>>>>>>> 2- It then tries to connect, but nothing happens >>>>>>>>>>> 3- After 60 seconde it times out >>>>>>>>>>> 4- Start another connection attempt >>>>>>>>>>> 5- It asks for PIN and after I enter it it immediately fails and >>>>>>>>>>> back >>>>>>>>>>> to point no. 4 until I break >>>>>>>>>>> >>>>>>>>>>> Last working version is 009, 010 and 011 have very same issue. >>>>>>>>>>> >>>>>>>>>>> Here is the command line LOG (short form): >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Wed, 28 Sep 2011 16:04:24 +0300, Alon Bar-Lev >>>>>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>>>>> Now? >>>>>>>>>>>> >>>>>>>>>>>> On Wed, Sep 28, 2011 at 4:01 PM, <busin...@reebs.org> wrote: >>>>>>>>>>>>> Alon, >>>>>>>>>>>>> >>>>>>>>>>>>> I believe there is a permission issue with the new files: >>>>>>>>>>>>> >>>>>>>>>>>>>> Forbidden >>>>>>>>>>>>>> >>>>>>>>>>>>>> You don't have permission to access >>>>>>>>>>>>>> /downloads/users/alonbl/build/opensc- >>>>>>>>>>>>>> i686-w64-mingw32-011-engine_pkcs11.tar.bz2 on this server. >>>>>>>>>>>>> >>>>>>>>>>>>> Regards, >>>>>>>>>>>>> >>>>>>>>>>>>> On Wed, 28 Sep 2011 15:40:00 +0300, Alon Bar-Lev >>>>>>>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>>>>>>> Use build-011 >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Wed, Sep 28, 2011 at 1:39 PM, <busin...@reebs.org> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Hi All, >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> any clue what is wrong?! :( >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Rgds >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Sun, 25 Sep 2011 18:38:39 +0200, <busin...@reebs.org> wrote: >>>>>>>>>>>>>>> > Hello All, >>>>>>>>>>>>>>> > >>>>>>>>>>>>>>> > Currently I am having troubles to get the latest build >>>>>>>>>>>>>>> > (32bit) of >>>>>>>>>>>>>>> > prebuild OpenVPN/OpenSC/OpenSSL to work alltogether. These >>>>>>>>>>>>>>> > are found >>>>>>>>>>>>>>> > here: >>>>>>>>>>>>> .... >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>> >>>>> >>>>> >>> > > _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
