Getting "SSL connection failure: PKCS #11 error." even when supplying the correct CA file

David Raison david at tentwentyfour.lu
Wed Sep 20 03:20:13 PDT 2017


Hi Nikos,


On 20/09/17 12:08, Nikos Mavrogiannopoulos wrote:
>> Which means I'm stuck again. I have the same "SSL connection failure:
>> PKCS #11 error" on debian and fedora and I have the exact same
>> segmentation fault.
>> The version of opensc on debian is 0.16.0-3 while the one on fedora is
>> 0.17.0-1fc26
> That doesn't matter as you don't use opensc. Most likely the crash is
> in libgclib.so. Try running the same command under valgrind to verify
> that. In that case, there is not much to do except reporting that to
> the provider of the pkcs11 module (gemalto).

The segfault only occurs when I use the pkcs11-spy module, not when I
don't set LD_PRELOAD and it uses the default token module (libgclib.so)

I could of course throw some additional debugging on this (valgrind,
gdb, etc) but is it really worth the effort? Are we sure it's not a
problem with the configuration or the remote endpoint? (Since I've seen
it work – briefly – in the past).

Regards,
David

-- 
TenTwentyFour S.à r.l.
W: www.tentwentyfour.lu
T: +352 20 211 1024
F: +352 20 211 1023
3 Avenue du Blues
4368 Belvaux


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20170920/b1edc599/attachment.sig>


More information about the openconnect-devel mailing list