Description of problem: pkcs11-tool should explicitly set CKA_PRIVATE to "false" for certificates and public keys, since the PKCS#11 spec doesn't specify a default and some drivers use "private" as the default, making it impossible to add a public key/cert using pkcs11-tool. The patch is available upstream at https://github.com/OpenSC/OpenSC/commit/4df35b922c8eb7e0776a23260b65e570b33e4d42 Version-Release number of selected component (if applicable): How reproducible: Write a certificate to the softhsm2 PKCS#11 module and try to read it without login in Steps to Reproduce: 1. pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --slot 0 -w ./cert.der -y cert -l 2. pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so --slot 0 -O Actual results: - nothing- Expected results: Certificate Object, type = X.509 cert - plus additional data -
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
I am actually building this update.
opensc-0.15.0-6.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-efb513eaf3
opensc-0.15.0-6.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-efb513eaf3
opensc-0.15.0-6.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.