Openconnect with PKCS11 on Ubunbtu 12.10

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2012-09-19 at 19:03 +0000, Lee Matthews wrote:
> 
> David Woodhouse <dwmw2 <at> infradead.org> writes:

> Sorry about not posting the URL, 
> the lines longer than 80 character thing was killing me...

So ignore it and post long lines :)

> Here is the URL:
> Using PKCS#11 certificate pkcs11:id=u%deN%e7Oh%0e%c6S%dbA%b0%bc%017%5c%40B%28%c0;object-type=cert;pin-source=openconnect%3a0xb8ce0ee8
> Using PKCS#11 key pkcs11:id=u%deN%e7Oh%0e%c6S%dbA%b0%bc%017%5c%40B%28%c0;object-type=private;pin-source=openconnect%3a0xb8ce0ee8
> Error importing PKCS#11 URL pkcs11:model=1.0;manufacturer=Gnome%20Keyring;token=Gnome2%20Key%20Storage;id=u%deN%e7Oh%0e%c6S%dbA%b0%bc%017%5c%40B%28%c0;object-type=private;pin-source=openconnect%3a0xb8ce0ee8:

OK, so it looks like you specified only the id= part of the URL;
OpenConnect itself added the object-type and pin-source parts.

However, if the private key isn't visible without a login (which I'm
inferring is true since you were trying p11tool --login), looking it up
by its ID doesn't work. You have to specify the token too.

OpenConnect tries to work around this by *guessing* which token it's in.
By looking for a visible *certificate* with the same ID. I'm guessing
there is such a certificate in your GNOME Keyring token?

Try adding an appropriate model= or token= parameter to the URL that you
give on the command line. And if you can send me the output of a working
--list-all-certs command, that might be enlightening. I'd like to know
if OpenConnect is doing something *wrong* when it tries to guess which
token to find the key in.

-- 
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20120919/1b9ae82b/attachment-0001.bin>


[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux