Created attachment 972674 [details] PKCS #11 spy log file Trying to write a certificate in a softhsm db with CKA_TRUSTED fails with: P11Attributes.cpp(407): A trusted certificate cannot be modified How reproducible: 1. cat >config directories.tokendir = db objectstore.backend = file 2. export SOFTHSM2_CONF=config 3. mkdir db 4. softhsm2-util --init-token --slot 0 --label test --so-pin 1234 --pin 1234 5. p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --mark-trusted --load-certificate any-cert.pem --label test --so-login Output: Error writing certificate: PKCS #11 error in attribute Expected Output: Success. Writing the same certificate without the mark-trusted flag works fine. This seems to be a regression from version 1, as this use case works properly with softhsmv1 in F20.
Reported upstream as: https://issues.opendnssec.org/browse/SUPPORT-151
Fix available at: https://github.com/opendnssec/SoftHSMv2/pull/102
Still present in F22. It is fixed upstream in SoftHSM 2.0.0b3.
usptream is about to release 2.0.0 final. If that does not happen within the next week, I'll update the current 2.0.0b3
BTW latest release is 2.0.0rc1.
There was no final release done so far. Please update to 2.0.0rc1 which fixes all known bugs.
Is there any reason this fix is not backported?
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
softhsm-2.1.0-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-c43dd0091f
softhsm-2.1.0-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-376bda6d1d
softhsm-2.1.0-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-c43dd0091f
softhsm-2.1.0-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-376bda6d1d
softhsm-2.1.0-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
softhsm-2.1.0-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.