Re: coolkey with stunnel-nss

BobR:

I'm a little fuzzy on this, but is there some procedure with the way that he loads the PKCS#11 module that mitigates the need for the pin when reading certificates?

Matt:

Another thing you might try is NSPR logging.
I'm not sure if NSS makes extensive use of this but you can give it a try.

export NSPR_LOG_MODULES=all:5
export NSPR_LOG_FILE=/tmp/nss.log

Another experiment would be to get into Firefox and use the UI to load CoolKey as a PKCS#11 module. Then use the UI to inspect the certs and observe if it is behaving strangely here.

Another extreme thing to try would be to compile a debug version of NSS and try to catch the issue in the debugger.

Matt Anderson wrote:
Jack Magne wrote:
Matt:

You can try the following to get some debug info from CoolKey.

1. In the terminal from which you launch your app do:

export COOL_KEY_LOG_FILE=/tmp/cool.txt

2. Run your program.

3. After it fails, take a look at /tmp/cool.txt; it may have some clues.

Unfortunately this file is empty when I try to use stunnel with coolkey, which suggests to me that NSS isn't getting far enough to even query the coolkey module for my certificate.

However when I run certutil I don't always have access to my certificate on my CAC card. Half the time it prompts me for my "CoolKey" password, the other time (when it works) it prompts me for the "Matt R Anderson" pin. I've attached those two log files so you can see them.

-matt

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
