Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
U - Original Message - From: Bruno Jesus [mailto:00cp...@gmail.com] Sent: Friday, October 04, 2013 02:46 AM To: MUSCLE muscle@lists.musclecard.com Subject: Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey On Thu, Oct 3, 2013 at 9:41 PM, Howdy Dood h0wdyd3...@gmail.com wrote: I'm sorry, I forgot that when I plugged in scr331 to my working laptop, I had no issues. So, the scr3500 and the scr331 work on laptop the scr3500 works on desktop, but scr331 only works with certain certificates. The only singularity that I remember about my SCR331 is that it does not support warm resets. But if the card required that it would not work on both laptop or desktop. Regards, Bruno ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
Madafakazzz Sent from my BlackBerry® wireless device -Original Message- From: Howdy Dood h0wdyd3...@gmail.com Sender: Muscle muscle-boun...@lists.musclecard.comDate: Thu, 3 Oct 2013 14:21:25 To: MUSCLEmuscle@lists.musclecard.com Reply-To: MUSCLE muscle@lists.musclecard.com Subject: Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
[Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
Hello, I have Fedora 19 on two machines. I use libcoolkey to use a Common Access Card's certificates to access my webmail at http://www.foo.bar.gov However, since upgrading to F19 on machine two, although I am prompted for pin, etc, and certs show, and I can choose the right cert, I get: The connection was reset The connection to the server was reset while the page was loading. and on a related site, I get: Unable to load the webpage because the server sent no data. Error code: ERR_EMPTY_RESPONSE On machine one, it works fine. I cannot figure out what the problem is here. Same version of pcsc, same version of libcoolkey... on machine 2, both firefox and chrome have this problem. Both machines are on the same network. On machine two, if I open up virtualbox and go to win8, and use CaC there, I can access the site with IE. Any site that requires email signature certificate on card has this problem. If the site requires digital ID certificate, it still works fine. Thanks for help ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
The government is shut down, what do you expect :-) ⛵ On Oct 3, 2013, at 8:51 AM, Howdy Dood h0wdyd3...@gmail.com wrote: Hello, I have Fedora 19 on two machines. I use libcoolkey to use a Common Access Card's certificates to access my webmail at http://www.foo.bar.gov However, since upgrading to F19 on machine two, although I am prompted for pin, etc, and certs show, and I can choose the right cert, I get: The connection was reset The connection to the server was reset while the page was loading. and on a related site, I get: Unable to load the webpage because the server sent no data. Error code: ERR_EMPTY_RESPONSE On machine one, it works fine. I cannot figure out what the problem is here. Same version of pcsc, same version of libcoolkey... on machine 2, both firefox and chrome have this problem. Both machines are on the same network. On machine two, if I open up virtualbox and go to win8, and use CaC there, I can access the site with IE. Any site that requires email signature certificate on card has this problem. If the site requires digital ID certificate, it still works fine. Thanks for help ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
Considering it works fine on my laptop, I doubt that has anything to do with anything. On Thu, Oct 3, 2013 at 11:00 AM, Michael Bender michaelben...@me.comwrote: The government is shut down, what do you expect :-) ⛵ On Oct 3, 2013, at 8:51 AM, Howdy Dood h0wdyd3...@gmail.com wrote: Hello, I have Fedora 19 on two machines. I use libcoolkey to use a Common Access Card's certificates to access my webmail at http://www.foo.bar.gov However, since upgrading to F19 on machine two, although I am prompted for pin, etc, and certs show, and I can choose the right cert, I get: The connection was reset The connection to the server was reset while the page was loading. and on a related site, I get: Unable to load the webpage because the server sent no data. Error code: ERR_EMPTY_RESPONSE On machine one, it works fine. I cannot figure out what the problem is here. Same version of pcsc, same version of libcoolkey... on machine 2, both firefox and chrome have this problem. Both machines are on the same network. On machine two, if I open up virtualbox and go to win8, and use CaC there, I can access the site with IE. Any site that requires email signature certificate on card has this problem. If the site requires digital ID certificate, it still works fine. Thanks for help ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
On 10/3/2013 10:51 AM, Howdy Dood wrote: Hello, I have Fedora 19 on two machines. I use libcoolkey to use a Common Access Card's certificates to access my webmail athttp://www.foo.bar.gov However, since upgrading to F19 on machine two, although I am prompted for pin, etc, and certs show, and I can choose the right cert, I get: " The connection was reset The connection to the server was reset while the page was loading." and on a related site, I get: "Unable to load the webpage because the server sent no data. Error code: ERR_EMPTY_RESPONSE" On machine one, it works fine. I cannot figure out what the problem is here. Same version of pcsc, same version of libcoolkey... on machine 2, both firefox and chrome have this problem. Both machines are on the same network. On machine two, if I open up virtualbox and go to win8, and use CaC there, I can access the site with IE. Any site that requires email signature certificate on card has this problem. If the site requires digital ID certificate, it still works fine. That sounds like the old version was caching the pin, and new version is not, or not caching it correctly. For PIV cards, (and all newer CAC cards are both) when the signature key is used to do a crypto operation, the previous operation to the card must have been a verify i.e. PIN is sent. You can run pcscd in debug mode, and watch the commands to the card to get some more information. And as a previous responder said, it could be because the *.gov web site is down... Thanks for help ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com -- Douglas E. Engert deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
Douglas, thanks, but as I said, it works on the exact same site with another machine. The site is not down. I'm using it right now through virtualbox with windows 8. It seems to only have the problem when using the email certificate, but not the digital signature certificate(those sites work). On Thu, Oct 3, 2013 at 12:16 PM, Douglas E. Engert deeng...@anl.gov wrote: On 10/3/2013 10:51 AM, Howdy Dood wrote: Hello, I have Fedora 19 on two machines. I use libcoolkey to use a Common Access Card's certificates to access my webmail at http://www.foo.bar.gov However, since upgrading to F19 on machine two, although I am prompted for pin, etc, and certs show, and I can choose the right cert, I get: The connection was reset The connection to the server was reset while the page was loading. and on a related site, I get: Unable to load the webpage because the server sent no data. Error code: ERR_EMPTY_RESPONSE On machine one, it works fine. I cannot figure out what the problem is here. Same version of pcsc, same version of libcoolkey... on machine 2, both firefox and chrome have this problem. Both machines are on the same network. On machine two, if I open up virtualbox and go to win8, and use CaC there, I can access the site with IE. Any site that requires email signature certificate on card has this problem. If the site requires digital ID certificate, it still works fine. That sounds like the old version was caching the pin, and new version is not, or not caching it correctly. For PIV cards, (and all newer CAC cards are both) when the signature key is used to do a crypto operation, the previous operation to the card must have been a verify i.e. PIN is sent. You can run pcscd in debug mode, and watch the commands to the card to get some more information. And as a previous responder said, it could be because the *.gov web site is down... Thanks for help ___ Muscle mailing listMuscle@lists.musclecard.comhttp://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com -- Douglas E. Engert deeng...@anl.gov deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
On 10/3/2013 1:02 PM, Howdy Dood wrote: Douglas, thanks, but as I said, it works on the exact same site with another machine. The site is not down. I'm using it right now through virtualbox with windows 8. It seems to only have the problem when using the email certificate, but not the digital signature certificate(those sites work). What does the pcscd debugging show? Does it even get far enough to use the card? Are you missing some CA certificates or intermediate certificates on the F19? I believe that on DoD CAC cards, the two certificates may be signed by different CAs with different trust chains. On Thu, Oct 3, 2013 at 12:16 PM, Douglas E. Engert deeng...@anl.gov wrote: On 10/3/2013 10:51 AM, Howdy Dood wrote: Hello, I have Fedora 19 on two machines. I use libcoolkey to use a Common Access Card's certificates to access my webmail athttp://www.foo.bar.gov However, since upgrading to F19 on machine two, although I am prompted for pin, etc, and certs show, and I can choose the right cert, I get: " The connection was reset The connection to the server was reset while the page was loading." and on a related site, I get: "Unable to load the webpage because the server sent no data. Error code: ERR_EMPTY_RESPONSE" On machine one, it works fine. I cannot figure out what the problem is here. Same version of pcsc, same version of libcoolkey... on machine 2, both firefox and chrome have this problem. Both machines are on the same network. On machine two, if I open up virtualbox and go to win8, and use CaC there, I can access the site with IE. Any site that requires email signature certificate on card has this problem. If the site requires digital ID certificate, it still works fine. That sounds like the old version was caching the pin, and new version is not, or not caching it correctly. For PIV cards, (and all newer CAC cards are both) when the signature key is used to do a crypto operation, the previous operation to the card must have been a verify i.e. PIN is sent. You can run pcscd in debug mode, and watch the commands to the card to get some more information. And as a previous responder said, it could be because the *.gov web site is down... Thanks for help
Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
OK, I seem to have narrowed it down. It's an SCR-331 CaC reader. Once I tried a different model, it works without a problem. That being said, I used the SCR-331 for years without an issue. Did pcscd have an update in the last few months that would have affected support? I last used the card reader in May and had been using it without incident. On Thu, Oct 3, 2013 at 2:21 PM, Howdy Dood h0wdyd3...@gmail.com wrote: Douglas, Thanks for your help. It uses the card in that it prompts for pin, then prompts for which cert to use. On sites that use Digital signature certificate, they work fine. On sites, such as webmail, that use email certificate, I get those errors. That being said, both types of certs/sites work on my f19 laptop:( How do I see if I'm missing some such certificates? My issue is I get the same error with firefox, chrome, and davmail, and with any user I create/try. I attached the debug, but didn't see anything relevant. Prior to this email, I had to use virtualbox in order to send an email that I had to send. Pretty frustrating:O On Thu, Oct 3, 2013 at 2:10 PM, Douglas E. Engert deeng...@anl.govwrote: On 10/3/2013 1:02 PM, Howdy Dood wrote: Douglas, thanks, but as I said, it works on the exact same site with another machine. The site is not down. I'm using it right now through virtualbox with windows 8. It seems to only have the problem when using the email certificate, but not the digital signature certificate(those sites work). What does the pcscd debugging show? Does it even get far enough to use the card? Are you missing some CA certificates or intermediate certificates on the F19? I believe that on DoD CAC cards, the two certificates may be signed by different CAs with different trust chains. On Thu, Oct 3, 2013 at 12:16 PM, Douglas E. Engert deeng...@anl.govwrote: On 10/3/2013 10:51 AM, Howdy Dood wrote: Hello, I have Fedora 19 on two machines. I use libcoolkey to use a Common Access Card's certificates to access my webmail at http://www.foo.bar.gov However, since upgrading to F19 on machine two, although I am prompted for pin, etc, and certs show, and I can choose the right cert, I get: The connection was reset The connection to the server was reset while the page was loading. and on a related site, I get: Unable to load the webpage because the server sent no data. Error code: ERR_EMPTY_RESPONSE On machine one, it works fine. I cannot figure out what the problem is here. Same version of pcsc, same version of libcoolkey... on machine 2, both firefox and chrome have this problem. Both machines are on the same network. On machine two, if I open up virtualbox and go to win8, and use CaC there, I can access the site with IE. Any site that requires email signature certificate on card has this problem. If the site requires digital ID certificate, it still works fine. That sounds like the old version was caching the pin, and new version is not, or not caching it correctly. For PIV cards, (and all newer CAC cards are both) when the signature key is used to do a crypto operation, the previous operation to the card must have been a verify i.e. PIN is sent. You can run pcscd in debug mode, and watch the commands to the card to get some more information. And as a previous responder said, it could be because the *.gov web site is down... Thanks for help ___ Muscle mailing listMuscle@lists.musclecard.comhttp://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com -- Douglas E. Engert deeng...@anl.gov deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com ___ Muscle mailing listMuscle@lists.musclecard.comhttp://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com -- Douglas E. Engert deeng...@anl.gov deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
I'm sorry, I forgot that when I plugged in scr331 to my working laptop, I had no issues. So, the scr3500 and the scr331 work on laptop the scr3500 works on desktop, but scr331 only works with certain certificates. On Thu, Oct 3, 2013 at 7:26 PM, Howdy Dood h0wdyd3...@gmail.com wrote: OK, I seem to have narrowed it down. It's an SCR-331 CaC reader. Once I tried a different model, it works without a problem. That being said, I used the SCR-331 for years without an issue. Did pcscd have an update in the last few months that would have affected support? I last used the card reader in May and had been using it without incident. On Thu, Oct 3, 2013 at 2:21 PM, Howdy Dood h0wdyd3...@gmail.com wrote: Douglas, Thanks for your help. It uses the card in that it prompts for pin, then prompts for which cert to use. On sites that use Digital signature certificate, they work fine. On sites, such as webmail, that use email certificate, I get those errors. That being said, both types of certs/sites work on my f19 laptop:( How do I see if I'm missing some such certificates? My issue is I get the same error with firefox, chrome, and davmail, and with any user I create/try. I attached the debug, but didn't see anything relevant. Prior to this email, I had to use virtualbox in order to send an email that I had to send. Pretty frustrating:O On Thu, Oct 3, 2013 at 2:10 PM, Douglas E. Engert deeng...@anl.govwrote: On 10/3/2013 1:02 PM, Howdy Dood wrote: Douglas, thanks, but as I said, it works on the exact same site with another machine. The site is not down. I'm using it right now through virtualbox with windows 8. It seems to only have the problem when using the email certificate, but not the digital signature certificate(those sites work). What does the pcscd debugging show? Does it even get far enough to use the card? Are you missing some CA certificates or intermediate certificates on the F19? I believe that on DoD CAC cards, the two certificates may be signed by different CAs with different trust chains. On Thu, Oct 3, 2013 at 12:16 PM, Douglas E. Engert deeng...@anl.govwrote: On 10/3/2013 10:51 AM, Howdy Dood wrote: Hello, I have Fedora 19 on two machines. I use libcoolkey to use a Common Access Card's certificates to access my webmail at http://www.foo.bar.gov However, since upgrading to F19 on machine two, although I am prompted for pin, etc, and certs show, and I can choose the right cert, I get: The connection was reset The connection to the server was reset while the page was loading. and on a related site, I get: Unable to load the webpage because the server sent no data. Error code: ERR_EMPTY_RESPONSE On machine one, it works fine. I cannot figure out what the problem is here. Same version of pcsc, same version of libcoolkey... on machine 2, both firefox and chrome have this problem. Both machines are on the same network. On machine two, if I open up virtualbox and go to win8, and use CaC there, I can access the site with IE. Any site that requires email signature certificate on card has this problem. If the site requires digital ID certificate, it still works fine. That sounds like the old version was caching the pin, and new version is not, or not caching it correctly. For PIV cards, (and all newer CAC cards are both) when the signature key is used to do a crypto operation, the previous operation to the card must have been a verify i.e. PIN is sent. You can run pcscd in debug mode, and watch the commands to the card to get some more information. And as a previous responder said, it could be because the *.gov web site is down... Thanks for help ___ Muscle mailing listMuscle@lists.musclecard.comhttp://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com -- Douglas E. Engert deeng...@anl.gov deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com ___ Muscle mailing listMuscle@lists.musclecard.comhttp://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com -- Douglas E. Engert deeng...@anl.gov deeng...@anl.gov Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
On Thu, Oct 3, 2013 at 9:41 PM, Howdy Dood h0wdyd3...@gmail.com wrote: I'm sorry, I forgot that when I plugged in scr331 to my working laptop, I had no issues. So, the scr3500 and the scr331 work on laptop the scr3500 works on desktop, but scr331 only works with certain certificates. The only singularity that I remember about my SCR331 is that it does not support warm resets. But if the card required that it would not work on both laptop or desktop. Regards, Bruno ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
Re: [Muscle] connection reset/no data returned errors in browser with pcsclite/coolkey
I have no idea what's going on. I went and got an old scr311 out of storage and it works fine with my problem computer now. At any rate, thanks for the help! On Thu, Oct 3, 2013 at 7:46 PM, Bruno Jesus 00cp...@gmail.com wrote: On Thu, Oct 3, 2013 at 9:41 PM, Howdy Dood h0wdyd3...@gmail.com wrote: I'm sorry, I forgot that when I plugged in scr331 to my working laptop, I had no issues. So, the scr3500 and the scr331 work on laptop the scr3500 works on desktop, but scr331 only works with certain certificates. The only singularity that I remember about my SCR331 is that it does not support warm resets. But if the card required that it would not work on both laptop or desktop. Regards, Bruno ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com ___ Muscle mailing list Muscle@lists.musclecard.com http://lists.musclecard.com/mailman/listinfo/muscle_lists.musclecard.com
