Opened 2 years ago

Last modified 11 months ago

#1044 new Bug / Defect

pkcs11-id - Cannot deserialize id 19-'CKR_ATTRIBUTE_VALUE_INVALID'

Reported by: hjb Owned by:
Priority: major Milestone: release 2.4.5
Component: Certificates Version: OpenVPN 2.4.5 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: pkcs-id, RFC7512
Cc:

Description

OS: Windows 7
OpenVPN 2.4.5

PKCS#11 IDs exported with option --show-pkcs11-ids using the RFC 7512 UIR scheme are not recognized by --pkcs11-id and throw an error message:
"PKCS#11: Cannot deserialize id 19-'CKR_ATTRIBUTE_VALUE_INVALID'"
IDs with the old scheme as exported with version 2.4.4 are still working.
There seems to be a bug ether with --show-pkcs11-ids or with --pkcs11-id. Or even both!?

Change History (2)

comment:1 Changed 12 months ago by mclei

I am facing this bug in both 2.4.5 and 2.4.6 with Yubikey and ePass2003. Is there any chance to get this fixed? I can sponsor a Yubikey token to the community.

Similar problem is also on Linux, where the special characters needs to be escaped manually.

comment:2 Changed 11 months ago by leiocalyx

Looks related to #1075 (and there is more info in that ticket).
As a workaround, you could manually change the token to the format that is recognised.

Note: See TracTickets for help on using tickets.