Openconnect supporting SafeNet eToken 5300
Pavel Gavronsky
kamm555 at hotmail.com
Wed Jun 29 02:51:06 PDT 2022
Dimitri, many thanks,
gnutls-dev was missing. It's strange, because I compiled the previous v8.10 build on this machine.
Now I can compare the debug logs.
With GnuTLS it looks better in v9.00; at least there is a step asking for the token PIN. But it failed. May I ask you to look...
Old v.8.10 LOGs:
(p11-kit:7409) sys_C_GetTokenInfo: in
(p11-kit:7409) sys_C_GetTokenInfo: out: 0x0
gnutls[2]: p11: No login requested.
Trying PKCS#11 key URL pkcs11:model=eToken;manufacturer=SafeNet%2C%20Inc.;serial=02xxxeb42;token=GSTEST01;id=%B6%XXXXXXXX%5C%0C%FD%7E;object=No%20Friendly%20Name%20Available;type=private
(p11-kit:7409) sys_C_GetSlotList: in
(p11-kit:7409) sys_C_GetSlotList: out: 0x0
(p11-kit:7409) sys_C_GetTokenInfo: in
(p11-kit:7409) sys_C_GetTokenInfo: out: 0x0
PIN required for GSTEST01
Enter PIN:
gnutls[2]: p11: Login result = ok (0)
(p11-kit:7409) sys_C_GetSlotList: in
(p11-kit:7409) sys_C_GetSlotList: out: 0x0
(p11-kit:7409) sys_C_GetTokenInfo: in
(p11-kit:7409) sys_C_GetTokenInfo: out: 0x0
Using PKCS#11 key pkcs11:model=eToken;manufacturer=SafeNet%2C%20Inc.;serial=02xxx42;token=GSTEST01;id=%B6%A2%74%B2xxxxxxxxxx%D6%5C%0C%FD%7E;object=No%20Friendly%20Name%20Available;type=private
Using client certificate 'xxxx xxx\ '
(p11-kit:7409) sys_C_GetSlotList: in
New v9.00 LOGs:
(p11-kit:8449) sys_C_GetTokenInfo: in
(p11-kit:8449) sys_C_GetTokenInfo: out: 0x0
gnutls[2]: p11: No login requested.
gnutls[2]: p11: Skipped object, missing attrs. <------------------------------------------------- looks like some kind of ERROR
gnutls[3]: ASSERT: ../../lib/pkcs11.c[find_single_obj_cb]:2261
gnutls[3]: ASSERT: ../../lib/pkcs11.c[find_single_obj_cb]:2222
gnutls[3]: ASSERT: ../../lib/pkcs11.c[gnutls_pkcs11_obj_import_url]:2350
gnutls[3]: ASSERT: ../../lib/pkcs11.c[_gnutls_x509_crt_import_pkcs11_url]:3613
(p11-kit:8449) sys_C_GetSlotList: in
(p11-kit:8449) sys_C_GetSlotList: out: 0x0
(p11-kit:8449) sys_C_GetTokenInfo: in
(p11-kit:8449) sys_C_GetTokenInfo: out: 0x0
PIN required for xxx
Enter PIN:
gnutls[2]: p11: Login result = ok (0)
gnutls[2]: p11: Skipped object, missing attrs. <------------------------------------------------- looks like some kind of ERROR
gnutls[3]: ASSERT: ../../lib/pkcs11.c[find_single_obj_cb]:2261
gnutls[3]: ASSERT: ../../lib/pkcs11.c[find_single_obj_cb]:2222
gnutls[3]: ASSERT: ../../lib/pkcs11.c[gnutls_pkcs11_obj_import_url]:2350
gnutls[3]: ASSERT: ../../lib/pkcs11.c[_gnutls_x509_crt_import_pkcs11_url]:3613
Error loading certificate from PKCS#11: The requested data were not available.
Loading certificate failed. Aborting.
Failed to complete authentication
(p11-kit:8449) uninit_common: uninitializing library
(p11-kit:8449) uninit_common: uninitializing library
Regards,
Pavel
From: Dimitri Papadopoulos Orfanos <dimitri.papadopoulos at cea.fr>
Sent: Wednesday, June 29, 2022 10:57 AM
To: Pavel Gavronsky <kamm555 at hotmail.com>
Cc: openconnect-devel at lists.infradead.org <openconnect-devel at lists.infradead.org>
Subject: Re: Openconnect supporting SafeNet eToken 5300
Please make sure the GnuTLS dev packages are installed. OpenConnect will
build against GnuTLS by default, provided the dev packages are installed:
$ configure --help
[...]
--without-gnutls Do not attempt to use GnuTLS; use OpenSSL instead
--with-openssl Location of OpenSSL build dir
[...]
$
Dimitri
On 29/06/2022 at 10:52, Pavel Gavronsky wrote:
> Thank you, Dimitri,
>
> I used the proposed way to build, how can I do it stating the usage of
> GnuTLS?
>
> Regards,
> Pavel