Openconnect supporting SafeNet eToken 5300

Pavel Gavronsky kamm555 at hotmail.com
Thu Aug 4 05:43:41 PDT 2022


Hello, Dimitri,

I would like to renew the thread if possible.

I made several changes/upgrades/etc. and now the picture is a little different. Can you suggest how I can debug this:

Good Example (openconnect using SmartCard, several initial lines):

# /usr/local/sbin/openconnect --protocol=pulse xxx.xxx.xxx.xxx:443/xxx --servercert "pin-sha256:25xxwM=" -c 'pkcs11:model=eToken;serial=02345aac;object=15833D4D0138E8F9' -vvv
gnutls[2]: Enabled GnuTLS 3.7.1 logging...
gnutls[2]: getrandom random generator was detected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: unable to access: /etc/gnutls/config: 2
Attempting to connect to server xxx.xxx.xxx.xxx:443
Connected to xxx.xxx.xxx.xxx:443
Using PKCS#11 certificate pkcs11:model=eToken;serial=02345aac;object=15833D4D0138E8F9;type=cert
gnutls[2]: Initializing all PKCS #11 modules
gnutls[2]: p11: Initializing module: p11-kit-trust
gnutls[2]: p11: Initializing module: opensc
gnutls[2]: p11: Initializing module: opensc-pkcs11
gnutls[2]: p11: Initializing module: softhsm2
gnutls[3]: ASSERT: ../../lib/pkcs11.c[compat_load]:896
gnutls[2]: p11: No login requested.
Trying PKCS#11 key URL pkcs11:model=eToken;serial=02345aac;object=15833D4D0138E8F9;type=private
PIN required for GSTEST
Enter PIN:
gnutls[2]: p11: Login result = ok (0)
gnutls[3]: ASSERT: ../../lib/pkcs11_privkey.c[gnutls_pkcs11_privkey_import_url]:561
gnutls[2]: p11: No login requested.
Trying PKCS#11 key URL pkcs11:model=eToken;manufacturer=SafeNet%2C%20Inc.;serial=02345aac;token=GSTEST;object=15833D4D0138E8F9;type=private
gnutls[2]: p11: Login result = ok (0)
gnutls[3]: ASSERT: ../../lib/pkcs11_privkey.c[gnutls_pkcs11_privkey_import_url]:561
Trying PKCS#11 key URL pkcs11:model=eToken;manufacturer=SafeNet%2C%20Inc.;serial=02345aac;token=GSTEST;id=%3Bdfgsdfv96%B1%32%2C%88%52;type=private
gnutls[2]: p11: Login result = ok (0)


Good Example (openconnect using USB SafeNet eToken 5300, several initial lines):

/usr/local/sbin/openconnect --protocol=pulse xxx.xxx.xxx.xxx:443/xxx --servercert "pin-sha256:25xxwM" -c 'pkcs11:model=ID%20Prime%20MD;serial=09E850133ABF3E39;object=No%20Friendly%20Name%20Available' -vvvv
gnutls[2]: Enabled GnuTLS 3.7.1 logging...
gnutls[2]: getrandom random generator was detected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: unable to access: /etc/gnutls/config: 2
Attempting to connect to server xxx.xxx.xxx.xxx:443
Connected to xxx.xxx.xxx.xxx:443
Using PKCS#11 certificate pkcs11:model=ID%20Prime%20MD;serial=09E850133ABF3E39;object=No%20Friendly%20Name%20Available;type=cert
gnutls[2]: Initializing all PKCS #11 modules
gnutls[2]: p11: Initializing module: p11-kit-trust
gnutls[2]: p11: Initializing module: opensc
gnutls[2]: p11: Initializing module: opensc-pkcs11
gnutls[2]: p11: Initializing module: softhsm2
gnutls[3]: ASSERT: ../../lib/pkcs11.c[compat_load]:896
gnutls[2]: p11: No login requested.
Trying PKCS#11 key URL pkcs11:model=ID%20Prime%20MD;serial=09E850133ABF3E39;object=No%20Friendly%20Name%20Available;type=private
PIN required for Pavel Gavronsky
Enter PIN:
gnutls[2]: p11: Login result = ok (0)
Using PKCS#11 key pkcs11:model=ID%20Prime%20MD;serial=09E850133ABF3E39;object=No%20Friendly%20Name%20Available;type=private
gnutls[3]: ASSERT: ../../lib/pkcs11_privkey.c[_gnutls_pkcs11_privkey_sign]:416
gnutls[3]: ASSERT: ../../lib/privkey.c[privkey_sign_and_hash_data]:1300
Error signing test data with private key: PKCS #11 error. <------------------------------------------------- How can I debug this error?
Loading certificate failed. Aborting.
Failed to complete authentication


Thank you in advance,
Pavel

