I saw guidance on the Subversion users mailing list <http://svn.haxx.se/users/archive-2008-03/1004.shtml> about Subversion with PKCS#11. Accordingly, I compiled pakchois 0.4, GNU TLS 2.3.5, and neon 0.28.2 (with pakchois), compiled Subversion HEAD (r30607) using them, put directives in my subversion configuration file as directed to point it at CoolKey, and got the following error, immediately, upon trying to use my shiny new smartcard layer: subversion/libsvn_ra_neon/session.c:1212: (apr_err=175006) svn: Invalid config: unable to load PKCS#11 provider 'coolkey' Digging deeper with gdb, I found out that coolkey's C_Initialize was returning 10 [== (ck_rv_t_) CKR_CANT_LOCK]. Looking in the PKCS#11 spec <ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf> , I found (p. 119 of the PDF, p. 103 if you print it) that the parameters passed to C_Initialize signified that coolkey "needs to use the native operating system [threading] primitives to ensure safe multi-threaded access. If the library is unable to do this, C_Initialize should return with the value CKR_CANT_LOCK." Relevant snippet from pakchois.c (around line 212): /* Require OS locking, the only sane option. */ memset(&args, 0, sizeof args); args.flags = CKF_OS_LOCKING_OK; args.reserved = reserved; rv = fns->C_Initialize(&args); if (rv != CKR_OK) { goto fail_ctx; } Contrast coolkey.cpp, lines 223-225: if( (initArgs->flags & CKF_OS_LOCKING_OK) || initArgs->LockMutex ){ throw PKCS11Exception(CKR_CANT_LOCK); } How can pakchois be used with coolkey if pakchois expects coolkey to do this OS_LOCKING thing and coolkey drops OS_LOCKING like a hot rock? Versions: coolkey-1.1.0-6.el5 pakchois-0.4-1SK02 pcsc-lite-debuginfo-1.4.100-1SK01 pcsc-lite-libs-1.4.100-1SK01 pcsc-lite-devel-1.4.100-1SK01 pcsc-lite-1.4.100-1SK01 pcsc-lite-doc-1.4.100-1SK01 neon-0.28.2-1SK01 Subversion r30607 (not packaged yet) gnutls-2.3.5-1SK01 gnutls-utils-2.3.5-1SK01 libgcrypt-debuginfo-1.4.0-3 libgcrypt-devel-1.4.0-3 libgcrypt-1.4.0-3 Red Hat Enterprise Linux Client release 5.1 (Tikanga) _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel