Description of problem: opensc currently does not work with smart cards with compressed certificates. opensc cannot access any compressed certificates. According to upstream, the fix for this is to build opensc with zlib; full details at https://github.com/OpenSC/OpenSC/issues/1811#issuecomment-535761831 Version-Release number of selected component (if applicable): 0.19.0-7.fc31 How reproducible: With any smart card that uses compression. I just got a new US DoD CAC (Common Access Card) on September 9, 2019, so I suspect that many (if not all) new CACs will be impacted (and since CACs are impacted, and they're pretty big user base that's important, I've reported this as a high severity issue). Steps to Reproduce: 1. Insert a smart card that has compressed certificates 2. Try to read the certificate using `pkcs15-tool --read-certificate 01` Actual results: $ pkcs15-tool --read-certificate 01 | openssl x509 -text -noout Using reader with a card: Identiv SCR3500 A Contact Reader [CCID Interface] (54301709612490) 00 00 Certificate with ID '01' not found. unable to load certificate 140098756077376:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICAT Expected results: A listing of the certificate information. Additional info: Please see the upstream issue report at https://github.com/OpenSC/OpenSC/issues/1811
Thank you for the report. It looks like the zlib disappeared from the build roots for the new Fedora 31 with the mass rebuild. https://koji.fedoraproject.org/koji/buildinfo?buildID=1332387 The last build I did was still done with zlib. https://koji.fedoraproject.org/koji/buildinfo?buildID=1239714 Anyway, I will add the proper build requires and rebuild the OpenSC package.
Please, try the following scratch build. It should address your issue: https://koji.fedoraproject.org/koji/taskinfo?taskID=37892414 I will issue package update soon.
(In reply to Jakub Jelen from comment #2) > Please, try the following scratch build. It should address your issue: > > https://koji.fedoraproject.org/koji/taskinfo?taskID=37892414 > > I will issue package update soon. I tested opensc-0.19.0-7.1.fc31.x86_64.rpm and can confirm that it fixes the issue. Thank you very much!
FEDORA-2019-a413bf11e2 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-a413bf11e2
opensc-0.19.0-8.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-a413bf11e2
opensc-0.19.0-8.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.