Bug 1242469

Summary: pkcs11-helper doesn't support pkcs #11 URLs
Product: [Fedora] Fedora
Reporter: Nikos Mavrogiannopoulos <nmavrogi>
Component: pkcs11-helper
Assignee: Kalev Lember <kalevlember>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 22
CC: dwmw2, kalevlember
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2015-07-13 13:42:30 UTC
Type: Bug
Bug Blocks: 1173546

Description Nikos Mavrogiannopoulos 2015-07-13 12:03:02 UTC
Description of problem:
pkcs11-helper uses a custom format to specify objects in a token. However, in Fedora we use the standardized (RFC7512) PKCS #11 URLs to specify objects in tokens across applications [0]. It seems that pkcs11-helper is one of the last PKCS #11 helper libraries which doesn't support these URLs, creating islands of applications which don't understand them.

There is already a patch to upstream:
https://github.com/OpenSC/pkcs11-helper/issues/5

[0]. https://fedoraproject.org/wiki/Packaging:SSLCertificateHandling

Comment 1 David Woodhouse 2015-07-13 13:42:30 UTC
Actually I think I already fixed this as bug 1173554.

I'm not sure we've got to the point where OpenVPN actually *works* yet though.
OpenSC still craps itself on fork, p11-kit-proxy still deadlocks, and pkcs11-helper still violates POSIX by doing forbidden things from an atfork handler.

*** This bug has been marked as a duplicate of bug 1173554 ***