Without using debugging tools you most likely never find the culprit. From you previous logs, the client fails at signing with rsa-sha512. A long shot may be that there is a buffer overflow somewhere due to sha512. Have you tried eliminating this signing algorithm from server (or client)? On September 20, 2017 12:20:13 PM GMT+02:00, David Raison <david at tentwentyfour.lu> wrote: >Hi Nikos, > > >On 20/09/17 12:08, Nikos Mavrogiannopoulos wrote: >>> Which means I'm stuck again. I have the same "SSL connection >failure: >>> PKCS #11 error" on debian and fedora and I have the exact same >>> segmentation fault. >>> The version of opensc on debian is 0.16.0-3 while the one on fedora >is >>> 0.17.0-1fc26 >> That doesn't matter as you don't use opensc. Most likely the crash is >> in libgclib.so. Try running the same command under valgrind to verify >> that. In that case, there is not much to do except reporting that to >> the provider of the pkcs11 module (gemalto). > >The segfault only occurs when I use the pkcs11-spy module, not when I >don't set LD_PRELOAD and it uses the default token module (libgclib.so) > >I could of course throw some additional debugging on this (valgrind, >gdb, etc) but is it really worth the effort? Are we sure it's not a >problem with the configuration or the remote endpoint? (Since I've seen >it work ? briefly ? in the past). > >Regards, >David -- Sent from my mobile. Please excuse my brevity.
