[strongSwan] Question regarding smartcard configuration
Marian Thieme
marian.thieme at gmail.com
Tue Dec 22 23:32:26 CET 2015
Hello Tobias!
On 12/22/15 08:45, Tobias Brunner wrote:
> Hi Marian,
>
>> Dec 21 23:17:46 13[CFG] loading secrets from '/usr/local/etc/ipsec.secrets'
>> Dec 21 23:17:46 13[LIB] engine 'opensc' is not available
>
> This message is logged by the openssl plugin, not the pkcs11 plugin.
Does it mean that openssl is used to access the card? ... and that openssl
is required to be able to load engine_pkcs11? (as described here:
https://github.com/OpenSC/engine_pkcs11/blob/master/README.md)
> You should check the beginning of the log, is the plugin loaded and the
> opensc module initialized properly? The plugin should also load the
> certificates from the token, which you should see in `ipsec listcerts`.
I can see that the openssl module itself is loaded:
Dec 22 21:35:51 00[LIB] plugin 'openssl': loaded successfully
and a number of 'features' as well:
Dec 22 21:35:51 00[LIB] loading feature CUSTOM:libcharon in plugin 'charon'
Dec 22 21:35:51 00[LIB] loading feature NONCE_GEN in plugin 'nonce'
Dec 22 21:35:51 00[LIB] loading feature RNG:RNG_WEAK in plugin 'openssl'
...
However, I cannot see that the opensc module (as I named it in the
strongswan.conf) is initialized. I simply see nothing about the
initialization procedure.
Just a note: if I specify simply
: PIN %smartcard:1234 %prompt
It says:
Dec 22 21:37:33 01[LIB] engine 'pkcs11' is not available
What could this mean? Is my openssl lib missing something?
Is it possible that the respective configuration
(libstrongswan.plugins.pkcs11.modules.<name>.path) is not read by
strongswan or my definition is defective?
Unsurprisingly, the command `ipsec listcerts` does not return anything.
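
The log check suggested in the quoted reply (is the plugin loaded, and which plugin logs the engine error), as an added shell example that is not part of the original mail. The sample log is constructed from lines quoted in this thread; the `plugin 'pkcs11': loaded successfully` line format is an assumption modelled on the `openssl` line shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Classify a charon log: was the pkcs11 plugin loaded, and did the openssl
# plugin report a missing engine? Line formats follow the excerpts in the mail.

# check_pkcs11_log FILE -> prints one verdict word
check_pkcs11_log() {
    log=$1
    plugin_loaded=no
    engine_missing=no
    # Assumed format, same shape as the "plugin 'openssl'" line in the thread.
    if grep -q "\[LIB] plugin 'pkcs11': loaded successfully" "$log"; then
        plugin_loaded=yes
    fi
    # Per the quoted reply, this message comes from the openssl plugin.
    if grep -q "\[LIB] engine '[^']*' is not available" "$log"; then
        engine_missing=yes
    fi
    if [ "$plugin_loaded" = no ] && [ "$engine_missing" = yes ]; then
        echo "pkcs11-plugin-not-loaded+openssl-engine-error"
    elif [ "$plugin_loaded" = no ]; then
        echo "pkcs11-plugin-not-loaded"
    elif [ "$engine_missing" = yes ]; then
        echo "pkcs11-plugin-loaded+openssl-engine-error"
    else
        echo "pkcs11-plugin-loaded"
    fi
}

# engines_reported FILE -> unique engine names the openssl plugin failed to load
engines_reported() {
    sed -n "s/.*\[LIB] engine '\([^']*\)' is not available.*/\1/p" "$1" | sort -u
}

# Constructed sample, assembled from the log lines quoted in the mail.
sample_log_without_pkcs11() {
    cat <<'EOF'
Dec 22 21:35:51 00[LIB] plugin 'openssl': loaded successfully
Dec 22 21:35:51 00[LIB] loading feature NONCE_GEN in plugin 'nonce'
Dec 22 21:35:51 00[LIB] loading feature RNG:RNG_WEAK in plugin 'openssl'
Dec 21 23:17:46 13[LIB] engine 'opensc' is not available
Dec 22 21:37:33 01[LIB] engine 'pkcs11' is not available
EOF
}
```

Run `check_pkcs11_log` against the real daemon log (its location depends on the syslog or filelog setup) after a restart, so the plugin-loading lines from startup are included.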