Version 1.10.4 broke OpenSC PKCS11 auth

Got a problem with Viscosity or need help? Ask here!

byadmin

Posts: 3
Joined: Wed Nov 02, 2022 10:20 pm

Post by byadmin » Wed Nov 02, 2022 10:25 pm
Updated today Viscosity to version 1.10.4 and it cannot read PKCS11 certs from an external token (Yubikey) anymore.
Code: Select all
% opensc-tool --version
OpenSC-0.22.0-rc1-74-gc902e199, rev: c902e199, commit-time: 2021-08-10 11:09:03 +0200
Code: Select all
% opensc-tool --list-readers
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             Yubico Yubikey NEO OTP+U2F+CCID
Code: Select all
% pkcs11-tool --list-objects --type cert
Using slot 0 with a present token (0x0)
Certificate Object; type = X.509 cert
  label:      Certificate for PIV Authentication
  subject:    DN: C=XX, O=xxx, CN=xxx
  ID:         01
The connection log shows
Code: Select all
2022-11-02 12:23:06: PKCS#11: Adding PKCS#11 provider '/Library/OpenSC/lib/opensc-pkcs11.so'
2022-11-02 12:23:06: PKCS#11: Cannot initialize provider '/Library/OpenSC/lib/opensc-pkcs11.so' 6-'CKR_FUNCTION_FAILED'
Where can I download the previous version 1.10.3?

daio

Posts: 2
Joined: Wed Nov 02, 2022 10:08 pm

Post by daio » Wed Nov 02, 2022 10:30 pm
I'm using Yubikey for PKCS11 authentication.

After updating to 1.10.4 I'm getting the following message during connection in the logs
Code: Select all
2022-11-02 14:04:33: PKCS#11: Cannot initialize provider '/Library/OpenSC/lib/opensc-pkcs11.so' 6-'CKR_FUNCTION_FAILED'
and a message "Please enter your PKCS#11 token or smartcard to use for authentication for the connection "connection" and click OK."

OpenSC version is 0.22 from homebrew
I've also tried libykcs11.dylib from yubico-piv-tool package. It fails to initialize with the same error.

This configuration works well in 1.10.3.

daio

Posts: 2
Joined: Wed Nov 02, 2022 10:08 pm

Post by daio » Wed Nov 02, 2022 10:58 pm
Copying viscosity_openvpn from 1.10.3 to /Library/Application\ Support/Viscosity/ helps. It works again.

dhivakaran

Posts: 1
Joined: Thu Nov 03, 2022 3:48 am

Post by dhivakaran » Thu Nov 03, 2022 3:53 am
We have seen this error before, elsewhere. 1.10.14 release is not working on Mac OS 12.6.1
PKCS#11: Cannot initialize provider '/Library/OpenSC/lib/opensc-pkcs11.so' 6-'CKR_FUNCTION_FAILED'

Pop-up window supposed to show up eToken certificate name to select, but pop-up shows up with empty choices.
Connection logs shows this error above. No activity on the eToken i.e no blinking lights.
Looks to me bad code-merge for the new release, but the error could mean so many things.

matsimoto

Posts: 8
Joined: Wed Dec 24, 2014 2:17 am

Post by matsimoto » Thu Nov 03, 2022 5:03 am
Hi,

after upgrading to Mac OS Ventura I get this error when trying to connect:

2022-11-02 18:58:40: PKCS#11: Adding PKCS#11 provider '/Library/OpenSC/lib/opensc-pkcs11.so'
2022-11-02 18:58:40: PKCS#11: Cannot initialize provider '/Library/OpenSC/lib/opensc-pkcs11.so' 6-'CKR_FUNCTION_FAILED'

I am using OpenSC 0.22.0 installed via home brew with a Nitro Key Pro PKCS11 Token.

No connection can be established.

Anything I can do to make it work ?

Ciao
Matsimoto

byadmin

Posts: 3
Joined: Wed Nov 02, 2022 10:20 pm

Post by byadmin » Thu Nov 03, 2022 6:48 am
Same issue here.
You may want to downgrade to previous version: https://swupdate.sparklabs.com/download ... 1.10.3.dmg
Last edited by byadmin on Thu Nov 03, 2022 6:57 am, edited 1 time in total.

James

User avatar
Posts: 2312
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Nov 03, 2022 8:17 am
Hi All,

Thanks for the reports. This regression should now be fixed in the latest build (1.10.4 build 1611).

It's currently available via the beta update stream, and we should have it available on the release stream shortly (once release testing is complete).
https://www.sparklabs.com/support/kb/ar ... -versions/

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

matsimoto

Posts: 8
Joined: Wed Dec 24, 2014 2:17 am

Post by matsimoto » Thu Nov 03, 2022 6:49 pm
Hi,

just for the records, Beta Build 1611 fixed the bug.

Ciao
matsimoto

byadmin

Posts: 3
Joined: Wed Nov 02, 2022 10:20 pm

Post by byadmin » Thu Nov 03, 2022 9:09 pm
Thu Nov 03, 2022 6:49 pmmatsimoto wrote:
Hi,

just for the records, Beta Build 1611 fixed the bug.

Ciao
matsimoto
Confirmed. :D
6 posts Page 1 of 1