1242469 – pkcs11-helper doesn't support pkcs #11 URLs

Bug 1242469 - pkcs11-helper doesn't support pkcs #11 URLs

Summary: pkcs11-helper doesn't support pkcs #11 URLs

Keywords:
Status:	CLOSED DUPLICATE of bug 1173554
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	pkcs11-helper
Sub Component:
Version:	22
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Kalev Lember
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	PKCS11
TreeView+	depends on / blocked

Reported:	2015-07-13 12:03 UTC by Nikos Mavrogiannopoulos
Modified:	2015-07-13 13:42 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-07-13 13:42:30 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Nikos Mavrogiannopoulos 2015-07-13 12:03:02 UTC

Description of problem:
pkcs11-helper uses a custom format to specify objects in a token. However, in Fedora we use the standardized (RFC7512) PKCS #11 URLs to specify objects in tokens across applications [0], It seems that pkcs11-helper is one of the last PKCS #11 helper libraries which doesn't support these URLs, creating islands of applications which don't understand them.

There is already a patch to upstream:
https://github.com/OpenSC/pkcs11-helper/issues/5

[0]. https://fedoraproject.org/wiki/Packaging:SSLCertificateHandling

Comment 1 David Woodhouse 2015-07-13 13:42:30 UTC

Actually I think I already fixed this as bug 1173554.

I'm not sure we've got to the point where OpenVPN actually *works* yet though.
OpenSC still craps itself on fork, p11-kit-proxy still deadlocks, and pkcs11-helper still violates POSIX by doing forbidden things from an atfork handler.

*** This bug has been marked as a duplicate of bug 1173554 ***

Note You need to log in before you can comment on or make changes to this bug.