[strongSwan] Question regarding smartcard configuration

Thomas Egerer hakke_007 at gmx.de
Wed Dec 23 23:58:37 CET 2015

Hi Marian

On 12/23/2015 11:02 PM, Marian Thieme wrote:
> Hi Tobias
Hope you don't mind me answering :)
> thank you a lot for the assistance ! ... so far =)
> I could partially solve the pkcs11 engine plugin load issue. For some
> reason it only works if I specify plugins statically. Any idea why this
> is the case ? As an attempt I currently load the following modules:
> charon {
> load = aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 curl
> revocation hmac xcbc stroke kernel-netlink socket-default openssl pkcs11
> ...
> }
> Now, unfortunately, the charon aborts after reading the certificates
> from the card. The last logs are:
> Dec 23 22:38:39 00[CFG]     loaded untrusted cert 'Marian Thieme ENC 11'
> Dec 23 22:38:39 00[LIB] failed to load 1 critical plugin feature
> Dec 23 22:38:39 00[DMN] initialization failed - aborting charon
> Do have an idea which feature is meant or what/where to check ?
One of the critical plugin features failed to load. It's amazing
since none of your plugins is marked as critical (has a leading
!-sign). I doubt, it's the untrusted certificate. Try setting the
loglevel for facility cfg to 3 (see [1] for further info, essentially
the line looks like 'cfg = 3'). This should reveal the problem.
Hope that helps.
> [...]


[1] https://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20151223/fe8514ca/attachment.pgp>

More information about the Users mailing list