Re: Coolkey use problems on Fedora 14 (no token available)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hi Lyall,

Op 10-02-11 03:50, Lyall Pearce schreef:
Found a major part of the problem.

I post the solution in this thread as my thread seems to be dead.

Get RID of cac-1.patch (patch text given further down), or at least fix the patch.

I now have my ActivIdentity USB SIM working on 64 bit, albeit, only 2 out of 3 times, which is as it used to be and the same as my
32 bit system at home.

I am certain the same problem is with the fedora build.

Could be very good news! I'll test this this evening. I had no time yesterday.

In your pkcs11_inspect output I don't see the "PIN" string, are you prompted for it?


Find attached 2 gzipped log files which show consecutive runs. 2 out of 3 retrieve the info, the third fails. I ran pkcs11_inspect
debug 6 times and every third time, it fails.

The log files are the pcscd -fad output and the pkcs11_inspect debug output.

diff -up ./src/coolkey/object.cpp.cac-1 ./src/coolkey/object.cpp
--- ./src/coolkey/object.cpp.cac-1    2010-06-23 04:46:35.726198827 -0700
+++ ./src/coolkey/object.cpp    2010-06-23 04:47:28.073827862 -0700
@@ -505,6 +505,10 @@ dataStart(const CKYByte *buf, unsigned i
      unsigned char tag;
      unsigned int used_length= 0;

+    if(!buf) {
+        return NULL;
+    }
      tag = buf[used_length++];

      /* blow out when we come to the end */
diff -up ./src/coolkey/slot.cpp.cac-1 ./src/coolkey/slot.cpp
--- ./src/coolkey/slot.cpp.cac-1    2010-06-23 04:46:22.718371631 -0700
+++ ./src/coolkey/slot.cpp    2010-06-23 04:57:04.417774402 -0700
@@ -2192,6 +2192,10 @@ Slot::readCACCertificateFirst(CKYBuffer
      if (throwException && (status != CKYSUCCESS)) {
+        if(CKYBuffer_Size(cert) == 0) {
+            handleConnectionError();
+        }
      return status;

On Thu, Feb 10, 2011 at 11:26 AM, Lyall Pearce <lyall.pearce@xxxxxxxxx <mailto:lyall.pearce@xxxxxxxxx>> wrote:

      My apologies regarding Gentoo. I have a separate thread "Problems accessing ActivIdentity USB SIM under Gentoo Linux 64 bit on

    It may prove useful that in that thread, in the most recent post by myself, I supplied the pcscd -fad output on the same 32 bit
    system where one instance failed, then I restored the old coolkey binaries, restarted pcscd -fad  and then re-ran the
    'pkcs11_inspect' and it worked.

    The differences between the two runs are very minor but the main difference seems to be a 'protocol' value changed from 1 to 0.

    Feel free to have a look at that. That thread also identifies the patches that Gentoo applies to the base coolkey, as follows :-

        * cache-dir-move.patch
        * gcc43.patch
        * latest.patch
        * simple-bugs.patch
        * thread-fix.patch
        * cac.patch
        * cac-1.patch
        * pcsc-lite-fix.patch

    The individual patches can be found at a Gentoo distfiles mirror

    On Thu, Feb 10, 2011 at 8:03 AM, Robert Relyea <rrelyea@xxxxxxxxxx <mailto:rrelyea@xxxxxxxxxx>> wrote:

        On 02/09/2011 12:33 PM, Guy wrote:
         > Hi,
         > I'm the one who started this thread but it got slightly derailed and
         > biased towards gentoo.
         > My systems are Opensuse 11.3 and Fedora14 and the problem I have is
         > that I do not get prompted for the PIN when issueing either
         > pkcs11_inspect or pkcs11_listcerts. I've never seen it work on either
         > of these systems. Pcsc_scan works though, it never complains.
        This seems to indicate a problem with the pkcs11 module (probably
        coolkey). Is the card you are using an actual CAC card, or one of
        ActiveCard's 'CAC-Like' (where they use the CAC applet, but issued
        through some other agency than DISA).
         > My Opensuse 11.3 bears all the latest pcsc-lite, opensc, coolkey, etc
         > packages. The Fedora14 system is stock + all automatic updates.
         > I run these 2 systems on a Dell Lattitude D830 over the usb port
         > (opensuse on a usb disk, fedora on a usb memory stick).
         > I plugged the Fedorea usb stick into my home tower pc, with an Asus
         > mobo, but the results are the same, so it's not Dell specific.
         > My home tower pc runs Opensuse 11.0 natively and there it just works
         > fine, I'm asked for the PIN and when supplied I get the certificates
         > listed.
         > The coolkey package, version 1.1.0-79.1, dates from June 2008.
        Thanks, this is helpful. How many certs does your card have?

         > Gtz,
         > Guy.

        Coolkey-devel mailing list
        Coolkey-devel@xxxxxxxxxx <mailto:Coolkey-devel@xxxxxxxxxx>



Coolkey-devel mailing list

Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux