OpenSwan: msg#00024 encryption.opensc.user
Hi Christian!

Now I remember what we discussed earlier this year.

> Now when i use id45 in OpenSwan the wrong cert is taken,
> df01c000, not the other one. What would help with those
> cards here would be a proper counting of the ids of the
> certs where cert df014331 comes up as id46, and the
> private-keys are not counted in a row but 45, 47, 48, 50
> (its 45-48 now).

This is what 0.10.0 was doing. It violates the spec and causes other problems.

> When i the try to access cert id46 and opensc sees there is
> no privatekey 46 it counts down till it finds one.
> But i have no clue else this would break.

The real cause of your problem is OpenSwan. It assumes that a certificate is uniquely identified by its id. The same mistake I made myself. Now when OpenSwan loads certificate 45 it gets the first one and this is not the one you want to use with Netkey cards. Actually nobody wants to use those non-personalized certificates that TeleSec puts on their cards.

Here's what I might do: I could reorder the certificates in the Netkey emulation such that the user certificates will be the first to be loaded (if they exist), and the TeleSec certificate will be loaded last. Unfortunately I cannot just reorder the entries in the static array that you modified, for reasons that are too complicated to explain in this email.

Do you know how OpenSwan selects the certificate?

* OpenSC API directly?
* PKCS#11?
* OpenSSL engine?

How do you specify the certificate within the OpenSwan configuration files? Do you use 'id45' or just '45' or '0x45'? Have you ever tried '0:45', '1:45' or '2:45'?

Why do you have to read a certificate from your smartcard at all? That's very slow. Maybe OpenSwan can use the correct certificate from a file (much faster) and can use only the private key from your smartcard. Can you specify different sources for your certificate and for your key?

You see - I know nothing about OpenSwan but maybe my comments are nevertheless helpful.
Peter
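The following is an added example written for this archive page; it is not code from the post above, from OpenSC or from OpenSwan. It models a PKCS#15 token listing as a plain Python list so it runs offline, and every object id, label and certificate body in it is constructed to mirror the situation in the mail: two certificates enumerated under the same id, with the non-personalized one first. It shows why "the certificate with id 45" is not a unique selector, and how a caller that already holds the certificate (for example read from a file, as Peter suggests) can resolve the matching on-card private key without guessing.

```python
# Added example, not code from the OpenSC mailing-list post or from
# OpenSwan/OpenSC.  A PKCS#15 token listing is modelled as a Python list so
# the script runs offline.  The object ids, labels and certificate bodies are
# CONSTRUCTED to mirror the mail (two certificates share id 0x45); they are
# not a dump of a real Netkey card.

from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class TokenObject:
    kind: str            # "cert" or "privkey"
    obj_id: int          # PKCS#15 object id; NOT guaranteed unique per kind
    label: str
    der: bytes = b""     # certificate body for "cert" objects (constructed)


# Constructed certificate bodies standing in for real DER encodings.
TELESEC_CERT_DER = b"constructed-der:telesec-default-cert"
USER_CERT_DER = b"constructed-der:user-cert"

# Constructed token listing: the non-personalized TeleSec certificate is
# enumerated first and shares id 0x45 with the user's own certificate.
TOKEN = [
    TokenObject("cert", 0x45, "TeleSec default certificate", TELESEC_CERT_DER),
    TokenObject("cert", 0x45, "user certificate", USER_CERT_DER),
    TokenObject("privkey", 0x45, "user private key"),
    TokenObject("privkey", 0x47, "second private key"),
]


def first_cert_with_id(objects: List[TokenObject], obj_id: int) -> Optional[TokenObject]:
    """The assumption the mail describes: 'the certificate with id X' is
    treated as unique, so the first enumerated match wins.  On this listing
    that silently yields the TeleSec certificate instead of the user's."""
    for obj in objects:
        if obj.kind == "cert" and obj.obj_id == obj_id:
            return obj
    return None


def certs_with_id(objects: List[TokenObject], obj_id: int) -> List[TokenObject]:
    """All certificates carrying obj_id; more than one means the id is ambiguous."""
    return [o for o in objects if o.kind == "cert" and o.obj_id == obj_id]


def key_for_certificate(objects: List[TokenObject], cert_der: bytes) -> TokenObject:
    """Resolve the on-card private key for a certificate the caller already
    holds: find the card object whose body matches, then the private key
    that shares its id.  Refuses to guess when the match is missing or
    ambiguous instead of falling back to 'the first one'."""
    certs = [o for o in objects if o.kind == "cert" and o.der == cert_der]
    if not certs:
        raise LookupError("certificate not present on token")
    ids = {c.obj_id for c in certs}
    if len(ids) != 1:
        raise LookupError("certificate present under several ids: %s" % sorted(ids))
    (obj_id,) = ids
    keys = [o for o in objects if o.kind == "privkey" and o.obj_id == obj_id]
    if len(keys) != 1:
        raise LookupError("expected exactly one private key with id %#x, found %d"
                          % (obj_id, len(keys)))
    return keys[0]


if __name__ == "__main__":
    naive = first_cert_with_id(TOKEN, 0x45)
    print("naive id lookup picked:", naive.label if naive else None)
    print("certificates with id 0x45:", [c.label for c in certs_with_id(TOKEN, 0x45)])
    print("key for user cert:", key_for_certificate(TOKEN, USER_CERT_DER).label)
```

The point of `key_for_certificate` is that the certificate bytes, not the id, are the stable identity: the id only serves to pair the certificate object with its key once the right object has been found, and an enumeration order change (such as the reordering Peter considers) no longer affects which key is used.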