On Tue, 2016-12-13 at 12:02 -0800, Mike Miller wrote: > On Tue, Dec 13, 2016 at 16:28:38 +0000, David Woodhouse wrote: > > I've added a certificate torture test suite and fixed a number of the > > bugs it showed with various esoteric (and not so esoteric) file > > formats. Distributors, please ensure you run 'make check' in your > > package build, and chase up any failures caused by the libraries you're > > building against. > > I am unable to get `auth-pkcs11` to pass. The first problem is the > hardcoded Fedora path in tests/.config/pkcs11/modules/softhsm2.module. We might do better on IRC to work through this... Is SoftHSM installed correctly with a p11-kit .module file in /usr/share/p11-kit/modules/softhsm.module (or I suppose that should be $(pkgconfig --variable=p11_module_configs p11-kit-1)/softhsm.module ? If not, we probably want to file a bug against it because it won't show up in applications by default. > After fixing that for my system (/usr/lib/softhsm/libsofthsm2.so), the > test fails with: > > Connecting to obtain cookie (token openconnect-test key object=RSA)... error in setrlimit(1024): Operation not permitted > p11-kit: softhsm2: module failed to initialize, skipping: Internal error > Error loading certificate from PKCS#11: The requested data were not available. Hm, is SoftHSM working at all, as packaged? Is it the setrlimit which is causing a hard failure, or something else? -- dwmw2 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5760 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20161213/b676aa51/attachment.bin>
