[gnutls-devel] GnuTLS | PKCS#11 fails for tokens with CKF_USER_PIN_INITIALIZED but not CKF_LOGIN_REQUIRED (#977)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Apr 23 14:03:38 CEST 2020

David Woodhouse created an issue: https://gitlab.com/gnutls/gnutls/-/issues/977

In https://gitlab.com/openconnect/openconnect/-/issues/123 a user reports that their PKCS#11 token doesn't work with OpenConnect.

I have fixed the OpenSSL build by logging in even if `CKF_LOGIN_REQUIRED` isn't set (a bug in the provider, arguably, but that's about par for the course with vendor-provided crap), if `CKF_USER_PIN_INITIALIZED` is set.

I've added a test case, but disabled it for the GnuTLS build for now as I think it needs to be fixed *in* GnuTLS (although if a workaround in OpenConnect is possible that would be very useful to have).

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/977
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200423/19d4e642/attachment.html>

More information about the Gnutls-devel mailing list