Red Hat Bugzilla – Bug 1283305
[RFE] export all C_* functions in pkcs11-spy
Last modified: 2017-01-25 10:53:20 EST
Description of problem:
Header files distributed with PKCS#11 v2.30 define all functions as extern and some applications (like BIND 9.10) do not work without all functions being exported.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
0. configure PKCS#11 provider of your choice and try to use it with pkcs11spy & BIND-pkcs11 build
1. $ yum install bind-pkcs11-utils
2. $ export PKCS11_PROVIDER=/usr/lib64/pkcs11/pkcs11-spy.so
3. $ export PKCS11SPY=/path/to/your/pkcs11/provider.so
4. $ pkcs11-list
pkcs11-list does not work
pkcs11-list does work
This was fixed upstream in https://github.com/OpenSC/OpenSC/pull/590
This change would be tremendously useful for DNSSEC debugging in IdM/FreeIPA.
the patch from description was applied on src/pkcs11/pkcs11-spy.exports , may you please verify if it is correct?
Let me be more specific:
(In reply to Petr Spacek from comment #0)
> Steps to Reproduce:
> 0. configure PKCS#11 provider of your choice and try to use it with
> pkcs11spy & BIND-pkcs11 build
SoftHSM package is good enough. This should work:
0.a. $ yum install softhsm
0.b. $ softhsm2-util --init-token --slot 0 --label test --so-pin 1234 --pin 1234
> 1. $ yum install bind-pkcs11-utils
> 2. $ export PKCS11_PROVIDER=/usr/lib64/pkcs11/pkcs11-spy.so
> 3. $ export PKCS11SPY=/path/to/your/pkcs11/provider.so
3. export PKCS11SPY=/usr/lib64/pkcs11/libsofthsm2.so
(on 64 bit arches)
> 4. $ pkcs11-list
It should not print any error. Last lines should look like:
Returned: 0 CKR_OK
Reproduced on RHEL-7.2 GA with opensc-0.14.0-1.el7, reproduced on RHEL-7.3-20160914.1 with opensc-0.14.0-2.el7.
Ow thare's a typo, the bug was verified on RHEL-7.3-20160914.1 with opensc-0.14.0-2.el7.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.