Hi Lyall,
Op 10-02-11 03:50, Lyall Pearce schreef:
Found a major part of the problem.
I post the solution in this thread as my thread seems to be dead.
Get RID of cac-1.patch (patch text given further down), or at least fix the patch.
I now have my ActivIdentity USB SIM working on 64 bit, albeit, only 2 out of 3 times, which is as it used to be and the same as my
32 bit system at home.
I am certain the same problem is with the fedora build.
Could be very good news! I'll test this this evening. I had no time yesterday.
In your pkcs11_inspect output I don't see the "PIN" string, are you prompted for it?
Gtz,
Guy.
Find attached 2 gzipped log files which show consecutive runs. 2 out of 3 retrieve the info, the third fails. I ran pkcs11_inspect
debug 6 times and every third time, it fails.
The log files are the pcscd -fad output and the pkcs11_inspect debug output.
diff -up ./src/coolkey/object.cpp.cac-1 ./src/coolkey/object.cpp
--- ./src/coolkey/object.cpp.cac-1 2010-06-23 04:46:35.726198827 -0700
+++ ./src/coolkey/object.cpp 2010-06-23 04:47:28.073827862 -0700
@@ -505,6 +505,10 @@ dataStart(const CKYByte *buf, unsigned i
unsigned char tag;
unsigned int used_length= 0;
+ if(!buf) {
+ return NULL;
+ }
+
tag = buf[used_length++];
/* blow out when we come to the end */
diff -up ./src/coolkey/slot.cpp.cac-1 ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.cac-1 2010-06-23 04:46:22.718371631 -0700
+++ ./src/coolkey/slot.cpp 2010-06-23 04:57:04.417774402 -0700
@@ -2192,6 +2192,10 @@ Slot::readCACCertificateFirst(CKYBuffer
if (throwException && (status != CKYSUCCESS)) {
handleConnectionError();
}
+
+ if(CKYBuffer_Size(cert) == 0) {
+ handleConnectionError();
+ }
return status;
}
On Thu, Feb 10, 2011 at 11:26 AM, Lyall Pearce <lyall.pearce@xxxxxxxxx <mailto:lyall.pearce@xxxxxxxxx>> wrote:
My apologies regarding Gentoo. I have a separate thread "Problems accessing ActivIdentity USB SIM under Gentoo Linux 64 bit on
Intel"
It may prove useful that in that thread, in the most recent post by myself, I supplied the pcscd -fad output on the same 32 bit
system where one instance failed, then I restored the old coolkey binaries, restarted pcscd -fad and then re-ran the
'pkcs11_inspect' and it worked.
The differences between the two runs are very minor but the main difference seems to be a 'protocol' value changed from 1 to 0.
Feel free to have a look at that. That thread also identifies the patches that Gentoo applies to the base coolkey, as follows :-
* cache-dir-move.patch
* gcc43.patch
* latest.patch
* simple-bugs.patch
* thread-fix.patch
* cac.patch
* cac-1.patch
* pcsc-lite-fix.patch
The individual patches can be found at a Gentoo distfiles mirror
<http://mirror.internode.on.net/pub/gentoo/distfiles/coolkey-patches-20101024.tar.gz>
On Thu, Feb 10, 2011 at 8:03 AM, Robert Relyea <rrelyea@xxxxxxxxxx <mailto:rrelyea@xxxxxxxxxx>> wrote:
On 02/09/2011 12:33 PM, Guy wrote:
> Hi,
>
> I'm the one who started this thread but it got slightly derailed and
> biased towards gentoo.
> My systems are Opensuse 11.3 and Fedora14 and the problem I have is
> that I do not get prompted for the PIN when issueing either
> pkcs11_inspect or pkcs11_listcerts. I've never seen it work on either
> of these systems. Pcsc_scan works though, it never complains.
This seems to indicate a problem with the pkcs11 module (probably
coolkey). Is the card you are using an actual CAC card, or one of
ActiveCard's 'CAC-Like' (where they use the CAC applet, but issued
through some other agency than DISA).
>
> My Opensuse 11.3 bears all the latest pcsc-lite, opensc, coolkey, etc
> packages. The Fedora14 system is stock + all automatic updates.
> I run these 2 systems on a Dell Lattitude D830 over the usb port
> (opensuse on a usb disk, fedora on a usb memory stick).
> I plugged the Fedorea usb stick into my home tower pc, with an Asus
> mobo, but the results are the same, so it's not Dell specific.
>
> My home tower pc runs Opensuse 11.0 natively and there it just works
> fine, I'm asked for the PIN and when supplied I get the certificates
> listed.
> The coolkey package, version 1.1.0-79.1, dates from June 2008.
Thanks, this is helpful. How many certs does your card have?
bob
>
> Gtz,
> Guy.
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx <mailto:Coolkey-devel@xxxxxxxxxx>
https://www.redhat.com/mailman/listinfo/coolkey-devel
--
...Lyall
--
...Lyall
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
