[strongSwan] Unable to parse certs on smart card

Stephen Wilcox stephen at tyfone.com
Fri Mar 7 02:05:21 CET 2014


Thank you, Tobias!

I merged your changes and was able to connect using only the credentials on
the smart card.

Now I will continue my work of enabling the use of a pkcs11 module on
Android (my company makes a smart card in a microSD).

Cheers,
  Stephen

*--*

*Stephen Wilcox*

*Sr. Software Engineer - Tyfone, Inc.*

*Portland | Bangalore | Taipei*

*www.tyfone.com* <http://www.tyfone.com/>

*Mobile: +1.971.226.3497*


On Thu, Mar 6, 2014 at 4:31 AM, Tobias Brunner <tobias at strongswan.org>wrote:

> Hi Stephen,
>
> >   loaded plugins: charon *pkcs11* aes des rc2 sha1 sha2 md5 random nonce
> > *x509* revocation constraints pubkey *pkcs1* pkcs7 pkcs8 pkcs12 pgp
> > dnskey sshkey *pem* fips-prf gmp xcbc cmac hmac attr kernel-netlink
> > resolve socket-default stroke updown xauth-generic
>
> In general, the order in which plugins are loaded is not important
> anymore.  The plugin features provided by each plugin should declare
> their dependencies sufficiently.  But there might still be some
> scenarios where this is not the case yet.  In particular, the x509
> plugin has failed to declare its dependency on the KEY_ANY public key
> decoder, so it fails to actually decode the public key.  The last two
> commits in the x509-dep-fix branch [1] should address this.
>
> As a workaround, you could try moving the pkcs11 plugin near the end of
> the list.
>
> Regards,
> Tobias
>
> [1]
>
> http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/x509-deps-fix
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20140306/b1022741/attachment.html>


More information about the Users mailing list