Re: Coolkey use problems on Fedora 14 (no token available)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Found a major part of the problem.

I post the solution in this thread as my thread seems to be dead.


Get RID of cac-1.patch (patch text given further down), or at least fix the patch.

I now have my ActivIdentity USB SIM working on 64 bit, albeit, only 2 out of 3 times, which is as it used to be and the same as my 32 bit system at home.

I am certain the same problem is with the fedora build.

Find attached 2 gzipped log files which show consecutive runs. 2 out of 3 retrieve the info, the third fails. I ran pkcs11_inspect debug 6 times and every third time, it fails.

The log files are the pcscd -fad output and the pkcs11_inspect debug output.



diff -up ./src/coolkey/object.cpp.cac-1 ./src/coolkey/object.cpp
--- ./src/coolkey/object.cpp.cac-1    2010-06-23 04:46:35.726198827 -0700
+++ ./src/coolkey/object.cpp    2010-06-23 04:47:28.073827862 -0700
@@ -505,6 +505,10 @@ dataStart(const CKYByte *buf, unsigned i
     unsigned char tag;
     unsigned int used_length= 0;
 
+    if(!buf) {
+        return NULL;
+    }
+
     tag = buf[used_length++];
 
     /* blow out when we come to the end */
diff -up ./src/coolkey/slot.cpp.cac-1 ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.cac-1    2010-06-23 04:46:22.718371631 -0700
+++ ./src/coolkey/slot.cpp    2010-06-23 04:57:04.417774402 -0700
@@ -2192,6 +2192,10 @@ Slot::readCACCertificateFirst(CKYBuffer
     if (throwException && (status != CKYSUCCESS)) {
         handleConnectionError();
     }
+       
+        if(CKYBuffer_Size(cert) == 0) {
+            handleConnectionError();
+        }
     return status;
     }
 


On Thu, Feb 10, 2011 at 11:26 AM, Lyall Pearce <lyall.pearce@xxxxxxxxx> wrote:

My apologies regarding Gentoo. I have a separate thread "Problems accessing ActivIdentity USB SIM under Gentoo Linux 64 bit on Intel"

It may prove useful that in that thread, in the most recent post by myself, I supplied the pcscd -fad output on the same 32 bit system where one instance failed, then I restored the old coolkey binaries, restarted pcscd -fad  and then re-ran the 'pkcs11_inspect' and it worked.

The differences between the two runs are very minor but the main difference seems to be a 'protocol' value changed from 1 to 0.

Feel free to have a look at that. That thread also identifies the patches that Gentoo applies to the base coolkey, as follows :-
  • cache-dir-move.patch
  • gcc43.patch
  • latest.patch
  • simple-bugs.patch
  • thread-fix.patch
  • cac.patch
  • cac-1.patch
  • pcsc-lite-fix.patch
The individual patches can be found at a  Gentoo distfiles mirror



On Thu, Feb 10, 2011 at 8:03 AM, Robert Relyea <rrelyea@xxxxxxxxxx> wrote:
On 02/09/2011 12:33 PM, Guy wrote:
> Hi,
>
> I'm the one who started this thread but it got slightly derailed and
> biased towards gentoo.
> My systems are Opensuse 11.3 and Fedora14 and the problem I have is
> that I do not get prompted for the PIN when issueing either
> pkcs11_inspect or pkcs11_listcerts. I've never seen it work on either
> of these systems. Pcsc_scan works though, it never complains.
This seems to indicate a problem with the pkcs11 module (probably
coolkey). Is the card you are using an actual CAC card, or one of
ActiveCard's 'CAC-Like' (where they use the CAC applet, but issued
through some other agency than DISA).
>
> My Opensuse 11.3 bears all the latest pcsc-lite, opensc, coolkey, etc
> packages. The Fedora14 system is stock + all automatic updates.
> I run these 2 systems on a Dell Lattitude D830 over the usb port
> (opensuse on a usb disk, fedora on a usb memory stick).
> I plugged the Fedorea usb stick into my home tower pc, with an Asus
> mobo, but the results are the same, so it's not Dell specific.
>
> My home tower pc runs Opensuse 11.0 natively and there it just works
> fine, I'm asked for the PIN and when supplied I get the certificates
> listed.
> The coolkey package, version 1.1.0-79.1, dates from June 2008.
Thanks, this is helpful. How many certs does your card have?

bob
>
> Gtz,
> Guy.



_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel




--
...Lyall




--
...Lyall

Attachment: pcscd-64bit-working-2of3.txt.gz
Description: GNU Zip compressed data

Attachment: pkcs11_inspect-64bit-working-2of3.txt.gz
Description: GNU Zip compressed data

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux