Hello Alon, Thank you for the rapid feedback! I will do so later today.
Regards, Patrick On Wed, 19 Oct 2011 10:55:23 +0200, Alon Bar-Lev <alon.bar...@gmail.com> wrote: > Hello business, > > The issue is probably within OpenSC, related to [1]. > > Will be fixed in next version. > It would be great if you can provide OpenSC logs from your working > configuration. > > Thanks, > Alon. > > [1] http://www.opensc-project.org/opensc/ticket/162 > > > On Wed, Oct 19, 2011 at 8:03 AM, <busin...@reebs.org> wrote: >> Hello Gents, >> >> just enquiring for a feedback. did you find something out on this >> issue? Seems something was brocken in never OpenSC / OpenVPN... >> >> Rgds, PR >> >> On Mon, 3 Oct 2011 15:09:28 +0200, Alon Bar-Lev <alon.bar...@gmail.com> >> wrote: >>> Martin, >>> I need your help here... >>> >>> On Fri, Sep 30, 2011 at 8:18 PM, <busin...@reebs.org> wrote: >>>> Here you go: >>>> >>>> C:\Program Files\OpenVPN\share\openvpn-win32\config>pkcs15-tool >>>> --list-keys >>>> Using reader with a card: O2Micro CCID SC Reader 0 >>>> Private RSA Key [Private Key] >>>> Object Flags : [0x3], private, modifiable >>>> Usage : [0x4], sign >>>> Access Flags : [0x1D], sensitive, alwaysSensitive, >>>> neverExtract, local >>>> ModLength : 2048 >>>> Key ref : 0 (0x0) >>>> Native : yes >>>> Path : 3f0050154b0130450012 >>>> Auth ID : 01 >>>> ID : 45 >>>> >>>> >>>> C:\Program Files\OpenVPN\share\openvpn-win32\config>pkcs15-tool >>>> --list-certificates >>>> Using reader with a card: O2Micro CCID SC Reader 0 >>>> X.509 Certificate [Certificate] >>>> Object Flags : [0x2], modifiable >>>> Authority : no >>>> Path : 3f0050154545 >>>> ID : 45 >>>> Encoded serial : 02 01 02 >>>> >>>> >>>> C:\Program Files\OpenVPN\share\openvpn-win32\config> >>>> >>>> >>>> On Fri, 30 Sep 2011 18:45:31 +0300, Alon Bar-Lev >>>> <alon.bar...@gmail.com> wrote: >>>>> --- >>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] >>>>> iso7816.c:103:iso7816_check_sw: Command incompatible with file >>>>> structure >>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] >>>>> card-flex.c:1067:cryptoflex_compute_signature: Card returned error: >>>>> -1200 (Card command failed) >>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] sec.c:56:sc_compute_signature: >>>>> returning with: -1200 (Card command failed) >>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] card.c:330:sc_unlock: called >>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] >>>>> pkcs15-sec.c:380:sc_pkcs15_compute_signature: sc_compute_signature() >>>>> failed: -1200 (Card command failed) >>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] card.c:330:sc_unlock: called >>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] reader-pcsc.c:548:pcsc_unlock: >>>>> called >>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] >>>>> framework-pkcs15.c:2721:pkcs15_prkey_sign: Sign complete. Result >>>>> -1200. >>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] >>>>> misc.c:59:sc_to_cryptoki_error_common: libopensc return value: -1200 >>>>> (Card command failed) >>>>> 2011-09-30 12:05:15.330 [opensc-pkcs11] pkcs11-object.c:635:C_Sign: >>>>> C_Sign() = CKR_GENERAL_ERROR >>>>> --- >>>>> >>>>> What I also need is dump of the card content. >>>>> >>>>> Paste the output of >>>>> pkcs15-tool --list-keys >>>>> pkcs15-tool --list-certificates >>>>> >>>>> On Fri, Sep 30, 2011 at 1:16 PM, <busin...@reebs.org> wrote: >>>>>> Here is the log with verb 255 and the associated OpenVPN log verb 255. >>>>>> >>>>>> Rgrds >>>>>> >>>>>> On Thu, 29 Sep 2011 22:42:35 +0300, Alon Bar-Lev >>>>>> <alon.bar...@gmail.com> wrote: >>>>>>> It should be opensc.conf somewhere that is pointed by registry. >>>>>>> See the installation script. >>>>>>> >>>>>>> On Thu, Sep 29, 2011 at 10:34 PM, <busin...@reebs.org> wrote: >>>>>>>> Ok I will do this, however how would I enable this log using the Builds >>>>>>>> you provided?! >>>>>>>> >>>>>>>> Strange is also that while the first attempt, it asks twice for the >>>>>>>> PIN, for the second and following connection attempts (I aborded here >>>>>>>> not to loose start of log because of buffer limitations) it asks only >>>>>>>> once... >>>>>>>> >>>>>>>> On Thu, 29 Sep 2011 21:13:52 +0300, Alon Bar-Lev >>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>> This is strange. >>>>>>>>> The signature just fails >>>>>>>>> I need opensc logs. >>>>>>>>> >>>>>>>>> It returns CKR_GENERAL_ERROR when tries to sign. >>>>>>>>> >>>>>>>>> On Thu, Sep 29, 2011 at 12:25 PM, <busin...@reebs.org> wrote: >>>>>>>>>> So finally I managed to get the log. For some reasons today it worked >>>>>>>>>> from command line allthough it did not in GUI. Probably some delay >>>>>>>>>> caused by management interface which is interferring with OpenVPN >>>>>>>>>> when >>>>>>>>>> log ammount is high... >>>>>>>>>> >>>>>>>>>> Anyway here is the file _(had to paste it from command prompt), hope >>>>>>>>>> that helps! >>>>>>>>>> >>>>>>>>>> On Thu, 29 Sep 2011 11:00:57 +0300, Alon Bar-Lev >>>>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>>>> Well, >>>>>>>>>>> I need log to be able to help. >>>>>>>>>>> If th ui canno handle this, try without ui. >>>>>>>>>>> This UI uses the management interface in order to provide the >>>>>>>>>>> passphrase at port 11196. >>>>>>>>>>> You can telnet this port and see management-notes.txt of how to >>>>>>>>>>> work with it. >>>>>>>>>>> Or.. To open a bug within the ui so it be able to enable more >>>>>>>>>>> logging. >>>>>>>>>>> >>>>>>>>>>> On Wed, Sep 28, 2011 at 7:01 PM, <busin...@reebs.org> wrote: >>>>>>>>>>>> This does not work. >>>>>>>>>>>> >>>>>>>>>>>> If I set Verb above 7 I get following loop under Command Line and >>>>>>>>>>>> GUI: >>>>>>>>>>>> >>>>>>>>>>>> http://imageshack.us/photo/my-images/829/unbenanntrg.jpg/ >>>>>>>>>>>> >>>>>>>>>>>> until it fails. >>>>>>>>>>>> >>>>>>>>>>>> If I set "log filename.txt" in the configuration file and run from >>>>>>>>>>>> CLI, >>>>>>>>>>>> it will go up to the point where pin is required but then fail as >>>>>>>>>>>> it >>>>>>>>>>>> cannot get pin from stdin (btw using win32 version on win Xp and >>>>>>>>>>>> card is >>>>>>>>>>>> former Cryptoflex from gemalto): >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Wed, 28 Sep 2011 18:30:14 +0300, Alon Bar-Lev >>>>>>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>>>>>> set verb 255 and log to a file. >>>>>>>>>>>>> >>>>>>>>>>>>> On Wed, Sep 28, 2011 at 5:10 PM, <busin...@reebs.org> wrote: >>>>>>>>>>>>>> Yes now download works!!! >>>>>>>>>>>>>> >>>>>>>>>>>>>> However still not able to connect. >>>>>>>>>>>>>> >>>>>>>>>>>>>> I tried both command line and GUI. Same issue: >>>>>>>>>>>>>> >>>>>>>>>>>>>> 1- After it ask for PIN and I enter PIN it immediately asks for >>>>>>>>>>>>>> the PIN >>>>>>>>>>>>>> again >>>>>>>>>>>>>> 2- It then tries to connect, but nothing happens >>>>>>>>>>>>>> 3- After 60 seconde it times out >>>>>>>>>>>>>> 4- Start another connection attempt >>>>>>>>>>>>>> 5- It asks for PIN and after I enter it it immediately fails and >>>>>>>>>>>>>> back >>>>>>>>>>>>>> to point no. 4 until I break >>>>>>>>>>>>>> >>>>>>>>>>>>>> Last working version is 009, 010 and 011 have very same issue. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Here is the command line LOG (short form): >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Wed, 28 Sep 2011 16:04:24 +0300, Alon Bar-Lev >>>>>>>>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>>>>>>>> Now? >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Wed, Sep 28, 2011 at 4:01 PM, <busin...@reebs.org> wrote: >>>>>>>>>>>>>>>> Alon, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> I believe there is a permission issue with the new files: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Forbidden >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> You don't have permission to access >>>>>>>>>>>>>>>>> /downloads/users/alonbl/build/opensc- >>>>>>>>>>>>>>>>> i686-w64-mingw32-011-engine_pkcs11.tar.bz2 on this server. >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Wed, 28 Sep 2011 15:40:00 +0300, Alon Bar-Lev >>>>>>>>>>>>>>>> <alon.bar...@gmail.com> wrote: >>>>>>>>>>>>>>>>> Use build-011 >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Wed, Sep 28, 2011 at 1:39 PM, <busin...@reebs.org> wrote: >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Hi All, >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> any clue what is wrong?! :( >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> Rgds >>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>> On Sun, 25 Sep 2011 18:38:39 +0200, <busin...@reebs.org> >>>>>>>>>>>>>>>>>> wrote: >>>>>>>>>>>>>>>>>> > Hello All, >>>>>>>>>>>>>>>>>> > >>>>>>>>>>>>>>>>>> > Currently I am having troubles to get the latest build >>>>>>>>>>>>>>>>>> > (32bit) of >>>>>>>>>>>>>>>>>> > prebuild OpenVPN/OpenSC/OpenSSL to work alltogether. These >>>>>>>>>>>>>>>>>> > are found >>>>>>>>>>>>>>>>>> > here: >>>>>>>>>>>>>>>> .... >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>> >>>>>>>> >>>>>>>> >>>>>> >>>> >>>> >> >> _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
