read cert from smart card
David Woodhouse
dwmw2 at infradead.org
Thu Feb 25 04:00:33 PST 2016
On Thu, 2016-02-25 at 13:39 +0200, Mithat Bozkurt wrote:
>
> BTW I am getting e-mail with subject is " Your message to p11-glue
> awaits moderator approval" from p11-glue.
It might be one of those horrid lists which require you to subscribe
before you post to it.
Or maybe it just hates you for top-posting. :)
> Do I remove the p11-glue from recipients or remain same?
Let's drop it. I think the interesting part for now is in p11tool
(which is part of GnuTLS and hence Nikos' problem) rather than p11-kit
itself.
Try extracting your cert with OpenSC's pkcs11-tool instead:
pkcs11-tool -module /usr/lib/libakisp11.so -l -a 62917107586NES0 -y cert -r -o nescert.der
openssl x509 -inform DER -in nescert.der -noout -text
When that doesn't work, install the pkcs11-spy module (which on Fedora
would be /usr/lib64/pkcs11/pkcs11-spy.so). Then:
export PKCS11SPY=/usr/lib/libakisp11.so
and repeat the p11tool/pkcs11-tool invocations to extract the cert, but
using pkcs11-spy.so as the provider instead of (directly) using the
akis module. Show the full output of those commands.
--
dwmw2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5691 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20160225/99a7cd6b/attachment-0001.bin>
More information about the openconnect-devel
mailing list