coolkey not thread safe (?)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I've managed to sort out my previous problem of getting coolkey and stunnel to play well together. I can now use my CAC card to authenticate with stunnel to my internal web proxy and then successfully browse internal websites as though I was internal.

The problem I was having seems to be thread based. I could connect, but as soon as I sent a request in Firefox my browser would attempt multiple connections across the stunnel and that would seem to cause threading issues in coolkey and the session would reset. I fixed this by setting this about:config option in Firefox:
network.http.max-persistent-connections-per-proxy to 1

Once I had that I could browse internally with no problems since Firefox would only ever use one stunnel connection at a time. That is until I tried going to an internal webserver that required client certificate authentication. Then my system would be trying to access the CAC card for the stunnel and the webserver. When I did that I saw these error messages.

From my stunnel client:
2008.03.10 14:33:44 LOG3[4830:0]: error stack: 14099004 : error:14099004:SSL routines:SSL3_SEND_CLIENT_VERIFY:RSA lib 2008.03.10 14:33:44 LOG3[4830:0]: SSL_connect: 8000A032: error:8000A032:Vendor defined:PKCS11_rsa_sign:Device removed

And from # pcscd -adf
...
00000026 ifdhandler.c:1278:IFDHICCPresence() Card present
00043562 winscard_msg_srv.c:288:SHMProcessEventsContext() correctly processed client: 9 00000023 winscard_svc.c:747:MSGCheckHandleAssociation() Client failed to authenticate
00356566 ifdhandler.c:1166:IFDHICCPresence() lun: 0


Needless to say, some of the most interesting internal sites are the ones that require client authentication. Is this a known limitation of coolkey? Any thoughts on how I can get around this?

-matt

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux