[strongSwan] Unable to parse certs on smart card

Tobias Brunner tobias at strongswan.org
Thu Mar 6 12:31:15 CET 2014


Hi Stephen,

>   loaded plugins: charon *pkcs11* aes des rc2 sha1 sha2 md5 random nonce
> *x509* revocation constraints pubkey *pkcs1* pkcs7 pkcs8 pkcs12 pgp
> dnskey sshkey *pem* fips-prf gmp xcbc cmac hmac attr kernel-netlink
> resolve socket-default stroke updown xauth-generic

In general, the order in which plugins are loaded is not important
anymore.  The plugin features provided by each plugin should declare
their dependencies sufficiently.  But there might still be some
scenarios where this is not the case yet.  In particular, the x509
plugin has failed to declare its dependency on the KEY_ANY public key
decoder, so it fails to actually decode the public key.  The last two
commits in the x509-dep-fix branch [1] should address this.

As a workaround, you could try moving the pkcs11 plugin near the end of
the list.

Regards,
Tobias

[1]
http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/x509-deps-fix



More information about the Users mailing list