id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
374,problem reading smart card.,dremspider,,"I have an Athena pkcs11 card that has been written with OpenSC. It works fine to VPN in using Viscosity on Windows, but I can't get it to work under Ubuntu to save my life. At this point, I think it is a bug but I could be wrong. When I try to connect it seems like it isn't recognizing that my card is plugged in. Here is what I have:

thinklinux@thinklinux:~/VPN$ openvpn --show-pkcs11-ids /usr/lib/opensc-pkcs11.so

The following objects are available for use.
Each object shown below may be used as parameter to
--pkcs11-id option please remember to use single quote mark.

Certificate
DN:
Serial: 1004
Serialized id: OpenSC\x20Project/PKCS\x2315/0C0A54802107180B/dlohin\x20\x28dlohin\x29/A42A746534A27DEA51418246DABE3F6B111835BB

I copy this information and add it to the config file

pkcs11-providers /usr/lib/libopensc-pkcs11.so
pkcs11-id 'OpenSC\x20Project/PKCS\x2315/0C0A54802107180B/dlohin\x20\x28dlohin\x29/A42A746534A27DEA51418246DABE3F6B111835BB'

When I try to connect:

thinklinux@thinklinux:~/VPN$ openvpn --config lohinlan.ovpn
Sun Feb 16 15:48:57 2014 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 13 2013
Sun Feb 16 15:48:57 2014 PKCS#11: Adding PKCS#11 provider '/usr/lib/libopensc-pkcs11.so'
Sun Feb 16 15:48:57 2014 PKCS#11: Cannot initialize provider '/usr/lib/libopensc-pkcs11.so' 6-'CKR_FUNCTION_FAILED'
Sun Feb 16 15:48:57 2014 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
NEED-OK|token-insertion-request|Please insert dlohin (dlohin) token:
NEED-OK|token-insertion-request|Please insert dlohin (dlohin) token:ok
NEED-OK|token-insertion-request|Please insert dlohin (dlohin) token:ok
NEED-OK|token-insertion-request|Please insert dlohin (dlohin) token:ca
Sun Feb 16 15:51:15 2014 PKCS#11: Cannot get certificate object
Sun Feb 16 15:51:15 2014 PKCS#11: Cannot get certificate object
Sun Feb 16 15:51:15 2014 PKCS#11: Unable get rsa object
Sun Feb 16 15:51:15 2014 Cannot load certificate ""OpenSC\x20Project/PKCS\x2315/0C0A54802107180B/dlohin\x20\x28dlohin\x29/A42A746534A27DEA51418246DABE3F6B111835BB"" using PKCS#11 interface
Sun Feb 16 15:51:15 2014 Error: private key password verification failed
Sun Feb 16 15:51:15 2014 Exiting

Looking at the documentation it looks like it is waiting for me to insert the card. Running ""pcscd -afd"" you see that the card is in (I just pulled it and put it back in)

00000028 eventhandler.c:387:EHStatusHandlerThread() Card inserted into Lenovo Integrated Smart Card Reader 00 00
00000025 Card ATR: 3B D6 18 00 81 B1 80 7D 1F 03 80 51 00 61 10 30 8F

When I do the extra verb 9 option:

179-'CKR_SESSION_HANDLE_INVALID'
Sun Feb 16 15:51:53 2014 us=827234 PKCS#11: __pkcs11h_certificate_loadCertificate return rv=179-'CKR_SESSION_HANDLE_INVALID'
Sun Feb 16 15:51:53 2014 us=827243 PKCS#11: _pkcs11h_certificate_resetSession entry certificate=0x7f0ec315e790, public_only=1, session_mutex_locked=0
Sun Feb 16 15:51:53 2014 us=827256 PKCS#11: _pkcs11h_session_login entry session=0x7f0ec31667b0, is_publicOnly=1, readonly=1, user_data=(nil), mask_prompt=00000003
Sun Feb 16 15:51:53 2014 us=827266 PKCS#11: _pkcs11h_session_logout entry session=0x7f0ec31667b0
Sun Feb 16 15:51:53 2014 us=827275 PKCS#11: _pkcs11h_session_logout return
Sun Feb 16 15:51:53 2014 us=827284 PKCS#11: _pkcs11h_session_reset entry session=0x7f0ec31667b0, user_data=(nil), mask_prompt=00000003, p_slot=0x7fff2c953088
Sun Feb 16 15:51:53 2014 us=827293 PKCS#11: _pkcs11h_session_reset Expected token manufacturerID='OpenSC Project' model='PKCS#15', serialNumber='0C0A54802107180B', label='dlohin (dlohin)'
Sun Feb 16 15:51:53 2014 us=827303 PKCS#11: Calling token_prompt hook for 'dlohin (dlohin)'

You can see that it looks like it is passing in the correct information. At least I think it is correct. At this point either I am doing something wrong or this is some weird bug. Maybe it is something wrong with my configuration?",Bug / Defect,closed,major,,Generic / unclassified,OpenVPN 2.2.1 (Community Ed),"Not set (select this one, unless your'e a OpenVPN developer)",fixed-external,volunteer,