[strongSwan] strongSwan with "FEITIAN PKI card"

Martin Willi martin at strongswan.org
Thu Nov 18 09:04:24 CET 2010


Hi Peter,

> I have applied your patch and it solves the seg fault.

>     openSC {
>        path = /usr/lib/opensc-pkcs11.so
>        os_locking=yes

I have checked in an additional patch that fixes the root cause of this
segfault. OpenSC does not get a copy of the passed callback function
args, so we declare them static now.

> charon can't read the secret key from the card.

> loading secrets from '/etc/ipsec.secrets'
> C_GetAttributeValue(NULL) error: ATTRIBUTE_TYPE_INVALID

Another unsupported attribute for Cryptoki version 2.01. The
CKA_ALWAYS_AUTHENTICATE attribute was introduced with 2.20. The attached
patch disables the attribute for Versions < 2.20.

Regards
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Use-static-args-for-C_Initialize-OpenSC-does-not-get.patch
Type: text/x-patch
Size: 1918 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101118/2f4e3b9f/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Do-not-query-for-CKA_ALWAYS_AUTHENTICATE-if-PKCS-11-.patch
Type: text/x-patch
Size: 2760 bytes
Desc: not available
URL: <http://lists.strongswan.org/pipermail/users/attachments/20101118/2f4e3b9f/attachment-0001.bin>


More information about the Users mailing list