Hello Gents, just enquiring for a feedback. did you find something out on this issue? Seems something was brocken in never OpenSC / OpenVPN...
Rgds, PR On Mon, 3 Oct 2011 15:09:28 +0200, Alon Bar-Lev <alon.bar...@gmail.com> wrote: > Martin, > I need your help here... > > On Fri, Sep 30, 2011 at 8:18 PM, <busin...@reebs.org> wrote: >> Here you go: >> >> C:\Program Files\OpenVPN\share\openvpn-win32\config>pkcs15-tool >> --list-keys >> Using reader with a card: O2Micro CCID SC Reader 0 >> Private RSA Key [Private Key] >> Object Flags : [0x3], private, modifiable >> Usage : [0x4], sign >> Access Flags : [0x1D], sensitive, alwaysSensitive, >> neverExtract, local >> ModLength : 2048 >> Key ref : 0 (0x0) >> Native : yes >> Path : 3f0050154b0130450012 >> Auth ID : 01 >> ID : 45 >> >> >> C:\Program Files\OpenVPN\share\openvpn-win32\config>pkcs15-tool >> --list-certificates >> Using reader with a card: O2Micro CCID SC Reader 0 >> X.509 Certificate [Certificate] >> Object Flags : [0x2], modifiable >> Authority : no >> Path : 3f0050154545 >> ID : 45 >> Encoded serial : 02 01 02 >> >> >> C:\Program Files\OpenVPN\share\openvpn-win32\config> >> >> >> On Fri, 30 Sep 2011 18:45:31 +0300, Alon Bar-Lev >> <alon.bar...@gmail.com> wrote: >>> --- >>> 2011-09-30 12:05:15.330 [opensc-pkcs11] >>> iso7816.c:103:iso7816_check_sw: Command incompatible with file >>> structure >>> 2011-09-30 12:05:15.330 [opensc-pkcs11] >>> card-flex.c:1067:cryptoflex_compute_signature: Card returned error: >>> -1200 (Card command failed) >>> 2011-09-30 12:05:15.330 [opensc-pkcs11] sec.c:56:sc_compute_signature: >>> returning with: -1200 (Card command failed) >>> 2011-09-30 12:05:15.330 [opensc-pkcs11] card.c:330:sc_unlock: called >>> 2011-09-30 12:05:15.330 [opensc-pkcs11] >>> pkcs15-sec.c:380:sc_pkcs15_compute_signature: sc_compute_signature() >>> failed: -1200 (Card command failed) >>> 2011-09-30 12:05:15.330 [opensc-pkcs11] card.c:330:sc_unlock: called >>> 2011-09-30 12:05:15.330 [opensc-pkcs11] reader-pcsc.c:548:pcsc_unlock: >>> called >>> 2011-09-30 12:05:15.330 [opensc-pkcs11] >>> framework-pkcs15.c:2721:pkcs15_prkey_sign: Sign complete. Result >>> -1200. >>> 2011-09-30 12:05:15.330 [opensc-pkcs11] >>> misc.c:59:sc_to_cryptoki_error_common: libopensc return value: -1200 >>> (Card command failed) >>> 2011-09-30 12:05:15.330 [opensc-pkcs11] pkcs11-object.c:635:C_Sign: >>> C_Sign() = CKR_GENERAL_ERROR >>> --- >>> >>> What I also need is dump of the card content. >>> >>> Paste the output of >>> pkcs15-tool --list-keys >>> pkcs15-tool --list-certificates >>> >>> On Fri, Sep 30, 2011 at 1:16 PM, <busin...@reebs.org> wrote: >>>> Here is the log with verb 255 and the associated OpenVPN log verb 255. >>>> >>>> Rgrds >>>> >>>> On Thu, 29 Sep 2011 22:42:35 +0300, Alon Bar-Lev >>>> <alon.bar...@gmail.com> wrote: >>>>> It should be opensc.conf somewhere that is pointed by registry. >>>>> See the installation script. >>>>> >>>>> On Thu, Sep 29, 2011 at 10:34 PM, <busin...@reebs.org> wrote: >>>>>> Ok I will do this, however how would I enable this log using the Builds >>>>>> you provided?! >>>>>> >>>>>> Strange is also that while the first attempt, it asks twice for the >>>>>> PIN, for the second and following connection attempts (I aborded here >>>>>> not to loose start of log because of buffer limitations) it asks only >>>>>> once... >>>>>> >>>>>> On Thu, 29 Sep 2011 21:13:52 +0300, Alon Bar-Lev >>>>>> <alon.bar...@gmail.com> wrote: >>>>>>> This is strange. >>>>>>> The signature just fails >>>>>>> I need opensc logs. >>>>>>> >>>>>>> It returns CKR_GENERAL_ERROR when tries to sign. >>>>>>> >>>>>>> On Thu, Sep 29, 2011 at 12:25 PM, <busin...@reebs.org> wrote: >>>>>>>> So finally I managed to get the log. For some reasons today it worked >>>>>>>> from command line allthough it did not in GUI. Probably some delay >>>>>>>> caused by management interface which is interferring with OpenVPN when >>>>>>>> log ammount is high... >>>>>>>> >>>>>>>> Anyway here is the file _(had to paste it from command prompt), hope >>>>>>>> that helps! >>>>>>>> >>>>>>>> On Thu, 29 Sep 2011 11:00:57 +0300, Alon Bar-Lev >>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>> Well, >>>>>>>>> I need log to be able to help. >>>>>>>>> If th ui canno handle this, try without ui. >>>>>>>>> This UI uses the management interface in order to provide the >>>>>>>>> passphrase at port 11196. >>>>>>>>> You can telnet this port and see management-notes.txt of how to work >>>>>>>>> with it. >>>>>>>>> Or.. To open a bug within the ui so it be able to enable more logging. >>>>>>>>> >>>>>>>>> On Wed, Sep 28, 2011 at 7:01 PM, <busin...@reebs.org> wrote: >>>>>>>>>> This does not work. >>>>>>>>>> >>>>>>>>>> If I set Verb above 7 I get following loop under Command Line and >>>>>>>>>> GUI: >>>>>>>>>> >>>>>>>>>> http://imageshack.us/photo/my-images/829/unbenanntrg.jpg/ >>>>>>>>>> >>>>>>>>>> until it fails. >>>>>>>>>> >>>>>>>>>> If I set "log filename.txt" in the configuration file and run from >>>>>>>>>> CLI, >>>>>>>>>> it will go up to the point where pin is required but then fail as it >>>>>>>>>> cannot get pin from stdin (btw using win32 version on win Xp and >>>>>>>>>> card is >>>>>>>>>> former Cryptoflex from gemalto): >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Wed, 28 Sep 2011 18:30:14 +0300, Alon Bar-Lev >>>>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>>>> set verb 255 and log to a file. >>>>>>>>>>> >>>>>>>>>>> On Wed, Sep 28, 2011 at 5:10 PM, <busin...@reebs.org> wrote: >>>>>>>>>>>> Yes now download works!!! >>>>>>>>>>>> >>>>>>>>>>>> However still not able to connect. >>>>>>>>>>>> >>>>>>>>>>>> I tried both command line and GUI. Same issue: >>>>>>>>>>>> >>>>>>>>>>>> 1- After it ask for PIN and I enter PIN it immediately asks for >>>>>>>>>>>> the PIN >>>>>>>>>>>> again >>>>>>>>>>>> 2- It then tries to connect, but nothing happens >>>>>>>>>>>> 3- After 60 seconde it times out >>>>>>>>>>>> 4- Start another connection attempt >>>>>>>>>>>> 5- It asks for PIN and after I enter it it immediately fails and >>>>>>>>>>>> back >>>>>>>>>>>> to point no. 4 until I break >>>>>>>>>>>> >>>>>>>>>>>> Last working version is 009, 010 and 011 have very same issue. >>>>>>>>>>>> >>>>>>>>>>>> Here is the command line LOG (short form): >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Wed, 28 Sep 2011 16:04:24 +0300, Alon Bar-Lev >>>>>>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>>>>>> Now? >>>>>>>>>>>>> >>>>>>>>>>>>> On Wed, Sep 28, 2011 at 4:01 PM, <busin...@reebs.org> wrote: >>>>>>>>>>>>>> Alon, >>>>>>>>>>>>>> >>>>>>>>>>>>>> I believe there is a permission issue with the new files: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> Forbidden >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> You don't have permission to access >>>>>>>>>>>>>>> /downloads/users/alonbl/build/opensc- >>>>>>>>>>>>>>> i686-w64-mingw32-011-engine_pkcs11.tar.bz2 on this server. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Wed, 28 Sep 2011 15:40:00 +0300, Alon Bar-Lev >>>>>>>>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>>>>>>>> Use build-011 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Wed, Sep 28, 2011 at 1:39 PM, <busin...@reebs.org> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Hi All, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> any clue what is wrong?! :( >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Rgds >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Sun, 25 Sep 2011 18:38:39 +0200, <busin...@reebs.org> wrote: >>>>>>>>>>>>>>>> > Hello All, >>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>> > Currently I am having troubles to get the latest build >>>>>>>>>>>>>>>> > (32bit) of >>>>>>>>>>>>>>>> > prebuild OpenVPN/OpenSC/OpenSSL to work alltogether. These >>>>>>>>>>>>>>>> > are found >>>>>>>>>>>>>>>> > here: >>>>>>>>>>>>>> .... >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>> >>>>>> >>>> >> >> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
