Dear list,
I'm trying to use stunnel on Windows with a USB token (`CryptoMate' from ACS).
However, I can't manage to make stunnel ask for the token PIN:
o Loading the private key works if I specify the PIN in the configuration file (`engineCtrl = PIN:...').
o If there is no `PIN' engine control option in the configuration file, loading the private key fails. The log messages are:
error stack: 26096080 : error:26096080:engine routines:ENGINE_load_private_key:failed loading private key
error stack: 800050A0 : error:800050A0:Vendor defined:PKCS11_login:PIN incorrect
Do I have to add a special engine control option to the configuration file in order to get asked for the PIN or is it intended to `just work'?
Ludolf
Ludolf Holzheid wrote:
> error stack: 26096080 : error:26096080:engine routines:ENGINE_load_private_key:failed loading private key
> error stack: 800050A0 : error:800050A0:Vendor defined:PKCS11_login:PIN incorrect
> Do I have to add a special engine control option to the configuration file in order to get asked for the PIN or is it intended to `just work'?
There is no need to add any special options. It worked since stunnel 4.18, and I have tested it with some other tokens.
I guess you have the problem with the engine-pkcs11-0.1.4 bug introduced by Andreas Hasenack:
http://www.opensc-project.org/engine_pkcs11/changeset/54
I guess Andreas was reading sources of OpenSSL sample applications and incorrectly assumed that any other application is expected to use the same structure for user callback data.
The problem was already reported to OpenSC developers: http://www.opensc-project.org/engine_pkcs11/ticket/11
Best regards, Mike
On Fri, 2007-12-14 12:27:43 +0100, Michal Trojnara wrote:
> Ludolf Holzheid wrote:
>> Do I have to add a special engine control option to the configuration file in order to get asked for the PIN or is it intended to `just work'?
> There is no need to add any special options. It worked since stunnel 4.18, and I have tested it with some other tokens.
> I guess you have the problem with the engine-pkcs11-0.1.4 bug introduced by Andreas Hasenack:
Ah, this is a problem of the engine_pkcs11 dll. (And indeed, I use engine_pkcs11 0.1.4.)
I'll try patching engine_pkcs11.
Thanks a lot.
Ludolf
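
For reference, a stunnel configuration of the kind discussed in this thread, as an added example that is not taken from any of the posts. The engine setup uses the `engineCtrl' syntax quoted in the first message; every path, the key ID, the PIN value and the service definition are placeholders.

```ini
; Constructed example. All paths, the key ID, the PIN and the
; service below are placeholders, not values from the thread.

; Load the PKCS#11 engine through OpenSSL's dynamic engine loader.
engine = dynamic
engineCtrl = SO_PATH:C:\path\to\engine_pkcs11.dll
engineCtrl = ID:pkcs11
engineCtrl = LIST_ADD:1
engineCtrl = LOAD
; PKCS#11 module supplied by the token vendor.
engineCtrl = MODULE_PATH:C:\path\to\vendor-pkcs11.dll

; Variant A (the setup that worked in the first message):
; the PIN is stored in this file, so anyone who can read the
; file can read the PIN. Restrict the file's permissions if used.
;engineCtrl = PIN:000000

; Variant B (no PIN control, as left commented out above):
; per the reply in this thread, stunnel 4.18 and later is expected
; to ask for the PIN. With the engine_pkcs11 0.1.4 problem described
; in the thread, the login instead fails with "PIN incorrect".

engineCtrl = INIT

[example-service]
client = yes
accept = 127.0.0.1:8080
connect = server.example:443
; Use the first engine defined above for this service's private key.
engineNum = 1
cert = C:\path\to\client-cert.pem
; Key identifier on the token in the engine's id_<hex> form.
key = id_45
```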