Bug 1705505
Summary: | openssl fails with PKCS#11 URIs without module specification | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Stanislav Zidek <szidek> | |
Component: | openssl-pkcs11 | Assignee: | Anderson Sasaki <ansasaki> | |
Status: | CLOSED ERRATA | QA Contact: | Alexander Sosedkin <asosedki> | |
Severity: | medium | Docs Contact: | Jan Fiala <jafiala> | |
Priority: | medium | |||
Version: | 8.0 | CC: | ansasaki, asosedki, mjahoda, szidek | |
Target Milestone: | rc | Keywords: | Triaged | |
Target Release: | 8.2 | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | openssl-pkcs11-0.4.10-1.el8 | Doc Type: | Bug Fix | |
Doc Text: |
.`openssl-pkcs11` no longer locks devices by attempting to log in to multiple devices
Previously, the `openssl-pkcs11` engine attempted to log in to the first result of a search using the provided PKCS #11 URI and used the provided PIN even if the first result was not the intended device and the PIN matched another device. These failed authentication attempts locked the device.
`openssl-pkcs11` now attempts to log in to a device only if the provided PKCS #11 URI matches only a single device. The engine now intentionally fails in case the PKCS #11 search finds more than one device. For this reason, you must provide a PKCS #11 URI that matches only a single device when using `openssl-pkcs11` to log in to the device.
|
Story Points: | --- | |
Clone Of: | ||||
: | 1760751 (view as bug list) | Environment: | ||
Last Closed: | 2020-04-28 16:58:10 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1760751 |
Description
Stanislav Zidek
2019-05-02 12:24:39 UTC
Upstream fix: https://github.com/OpenSC/libp11/pull/303 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1871 |