[Openswan Users] Re: [OpenSC-devel] freeswan with opensc

David Mattes david.mattes at boeing.com
Wed Mar 31 11:03:20 CEST 2004


Andreas Steffen wrote:

> I have a working environment with freeswan-2.04 and x509-1.5.3 running
> on a Linux 2.6.3 kernel. I'm using an Aladdin eToken Pro32k with
> opensc-0.8.1 and openct-0.5.0. Two of my students are currently
> implementing a PKCS#11 interface for strongSwan using a Schlumberger
> Cryptoflex 8k with a serial Reflex Reader and don't report any problems
> either. Nothing special must be configured in OpenSC in order to work
> with Pluto. Can you browse the file structure of your smartcard/token
> using opensc-explorer?
>
I can browse the card, and in fact I'm using the same card with other
opensc applications successfully (reading certs, signing, verify pin,
etc.). Hmmm... onto the depths of debugging.
P.S. Thanks for the nice work!

Thanks,
David

> Kind regards
>
> Andreas
>
> David Mattes wrote:
>
>> Hi,
>>
>> I'm getting errors using freeswan-2.04 with Andreas Steffen's X.509 
>> patch (version 1.4.8) and opensc-20040119 (0.8.1 snapshot).  I've had 
>> this combination working before with earlier versions.  Has anybody 
>> noticed anything breaking lately?  I'm asking before I try to start 
>> debugging it.  From the error messages it looks like 
>> sc_establish_context is not returning any readers.  Could not 
>> declaring ctx = NULL before the call be the problem?
>>
>> snippet from freeswan-2.04/programs/pluto/smartcard.c
>> ===================================================
>> bool
>> scx_establish_context(u_int card_reader)
>> {
>> #ifdef SMARTCARD
>>    int r;
>>
>>    /* establish a context */
>>    r = sc_establish_context(&ctx, "pluto");
>>    if (r)
>>    {
>>        plog("failed to establish context: %s", sc_strerror(r));
>>        return FALSE;
>>    }
>>
>>    /* test if reader card_reader is available */
>>    if (card_reader >= (unsigned int) ctx->reader_count)
>>    {
>>        plog("illegal reader number - only %d reader(s) configured."
>>            , ctx->reader_count);
>>        return FALSE;
>>    }
>> =====================================================
>>
>> pluto errors
>> =====================================================
>> Mar 31 07:52:38 gandalf pluto[3816]:   Warning: empty directory
>> Mar 31 07:52:39 gandalf pluto[3816]: illegal reader number - only 0 reader(s) configured.
>> Mar 31 07:52:39 gandalf pluto[3816]: added connection description "smartcard"
>> Mar 31 07:52:39 gandalf pluto[3816]: listening for IKE messages
>> Mar 31 07:52:39 gandalf pluto[3816]: adding interface ipsec0/eth2 130.42.32.235
>> Mar 31 07:52:39 gandalf pluto[3816]: loading secrets from "/etc/ipsec.secrets"
>> Mar 31 07:52:39 gandalf pluto[3816]: illegal reader number - only 0 reader(s) configured.
>> Mar 31 07:52:39 gandalf pluto[3816]: unable to establish context with reader: Unknown error
>> Mar 31 07:52:39 gandalf pluto[3816]:   invalid PIN for reader: 0, id: 45
>> ======================================================

-- 
-----------------------------------------------------------------------
David Mattes                             The Boeing Company
PO Box 3707  MC 7L-40                    Phantom Works
Seattle, WA  98124-2207                  M&CT
425-865-4166                             Advanced Manufacturing Systems
206-797-6884 (pgr)
425-865-2965 (fax)                       david.mattes at boeing.com