Re: coolkey with stunnel-nss

Matt:

You can try the following to get some debug info from CoolKey.

1. In the terminal from which you launch your app do:

export COOL_KEY_LOG_FILE=/tmp/cool.txt

2. Run your program.

3. After it fails, take a look at /tmp/cool.txt; it may have some clues.

Matt Anderson wrote:
I'm still trying to use Coolkey for remote access as in https://www.redhat.com/mailman/private/coolkey-devel/2008-March/msg00000.html only now I've switched from OpenSSL stunnel to NSS-based stunnel (stunnel-5.0-alpha1). I've got a local NSS db in ~/.nssdb which I've already used modutil to populate:

[mra@orb ~]$ modutil -add "coolkey" -libfile /usr/lib/pkcs11/libcoolkeypk11.so -dbdir ~/.nssdb

WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type
'q <enter>' to abort, or <enter> to continue:

Module "coolkey" added to database.
[mra@orb ~]$ certutil -L -d ~/.nssdb -h all

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Enter Password or Pin for "Matt R Anderson": <Here I enter my CAC pin>
Matt R Anderson:CAC ID Certificate                           u,u,u


From there I've set myself up with this stunnel.conf file:
debug = debug
foreground = yes
pid = /home/mra/stunnel.pid
database = /home/mra/.nssdb

[http]
client = yes
cert = "Matt R Anderson"
accept = localhost:8080
connect = http.access.hp.com:443

However when I run `stunnel ~/stunnel.conf` I get this error:
2008.08.18 17:35:55 LOG7[31548:154748240]: Snagged 64 random bytes from /dev/urandom
2008.08.18 17:35:55 LOG7[31548:154748240]: PRNG seeded successfully
2008.08.18 17:35:55 LOG7[31548:154748240]: Certificate: "Matt R Anderson"
2008.08.18 17:35:55 LOG3[31548:154748240]: PK11_FindCertFromNickname: Unknown code ___f 18(-8174,0)
2008.08.18 17:35:55 LOG3[31548:154748240]: Error reading certificate: "Matt R Anderson"


When I run certutil I get prompted for a pin, but that doesn't happen when I try to use the token via stunnel. Am I referencing the CAC token correctly? Any suggestions?

-matt

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
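
An added example, not part of either message and not stunnel or CoolKey code: the number in the stunnel log above can be decoded by hand, since NSS security-library errors are SEC_ERROR_BASE (-8192) plus an offset from secerr.h, which makes -8174 offset 18, SEC_ERROR_BAD_DATABASE. The function names are hypothetical, and the script assumes the first number in the parentheses is the NSS/NSPR error code and the second the OS error.

```shell
#!/bin/sh
# Added example, not from the thread: decode NSS error numbers in stunnel-nss log lines.
# NSS security-library errors are SEC_ERROR_BASE + offset (secerr.h), SEC_ERROR_BASE = -0x2000.
SEC_ERROR_BASE=-8192

# Name for an offset from SEC_ERROR_BASE (subset of secerr.h useful for cert/token lookups).
sec_error_name() {
    case "$1" in
        5)  echo SEC_ERROR_INVALID_ARGS ;;
        11) echo SEC_ERROR_EXPIRED_CERTIFICATE ;;
        13) echo SEC_ERROR_UNKNOWN_ISSUER ;;
        15) echo SEC_ERROR_BAD_PASSWORD ;;
        18) echo SEC_ERROR_BAD_DATABASE ;;
        20) echo SEC_ERROR_UNTRUSTED_ISSUER ;;
        *)  echo "SEC_ERROR_BASE+$1 (look up in secerr.h)" ;;
    esac
}

# Read a stunnel log on stdin; for each line carrying "(code,oserr)" print
# "<reporting call> <code> <symbolic name>". Assumption: the first number in the
# parentheses is the NSS/NSPR error code and the second the OS error.
decode_stunnel_nss_log() {
    while IFS= read -r line; do
        code=$(printf '%s\n' "$line" |
            sed -n 's/.*(\(-\{0,1\}[0-9][0-9]*\),-\{0,1\}[0-9][0-9]*).*/\1/p')
        [ -n "$code" ] || continue
        call=$(printf '%s\n' "$line" | sed -n 's/.*]: \([A-Za-z0-9_]*\): .*/\1/p')
        offset=$((code - SEC_ERROR_BASE))
        # SEC_ERROR_* codes occupy SEC_ERROR_BASE .. SEC_ERROR_BASE + 999.
        if [ "$offset" -ge 0 ] && [ "$offset" -lt 1000 ]; then
            name=$(sec_error_name "$offset")
        else
            name="not in the SEC_ERROR range"
        fi
        printf '%s %s %s\n' "${call:-unknown}" "$code" "$name"
    done
}

# Sample input: the log lines quoted in the message above.
sample_log() {
    cat <<'EOF'
2008.08.18 17:35:55 LOG7[31548:154748240]: Certificate: "Matt R Anderson"
2008.08.18 17:35:55 LOG3[31548:154748240]: PK11_FindCertFromNickname: Unknown code ___f 18(-8174,0)
2008.08.18 17:35:55 LOG3[31548:154748240]: Error reading certificate: "Matt R Anderson"
EOF
}

sample_log | decode_stunnel_nss_log
```

To decode a real run, pipe stunnel's foreground output (or a saved copy of it) into decode_stunnel_nss_log instead of sample_log.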
