It's really trying to open the pkcs11 URI as a file... :/
newfstatat(AT_FDCWD, "pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=148c784165ed428b;token=test-token;id=%96%7F%20%F2%98%18%D7%15%3D%AF%87%AB%EC%09%25%C5%14%51%2E%E1;object=test-key;type=private;pin-value=1234", 0x7ffca135a450, 0) = -1 ENOENT (No such file or directory)
I think something in my setup broke, because it's also failing with the pkcs11 module which worked before(tm).
UPDATE: hm, having only one pkcs11 provider loaded at once seems better. It kind of worked when I commented out (removed) pkcs11sign from ssl.cnf. I still get a core dump, but the request file is generated:
# l test-key.req
-rw-r--r-- 1 root root 4.3K Mar 6 20:18 test-key.req
Still, with just pkcs11sign, and no pkcs11, it still didn't work.
UPDATE2: the stat on the pkcs11 URI as a file also happens with the pkcs11 provider, so it's probably unrelated (like an attempt: is it a file? No? Ok, is it something else? And so on)
It's really trying to open the pkcs11 URI as a file... :/
newfstatat( AT_FDCWD, "pkcs11: model=SoftHSM% 20v2;manufactur er=SoftHSM% 20project; serial= 148c784165ed428 b;token= test-token; id=%96% 7F%20%F2% 98%18%D7% 15%3D%AF% 87%AB%EC% 09%25%C5% 14%51%2E% E1;object= test-key; type=private; pin-value= 1234", 0x7ffca135a450, 0) = -1 ENOENT (No such file or directory)
I think something in my setup broke, because it's also failing with the pkcs11 module which worked before(tm).
UPDATE: hm, having only one pkcs11 provider loaded at once seems better. It kind of worked when I commented out (removed) pkcs11sign from ssl.cnf. I still get a core dump, but the request file is generated:
# openssl req -provider pkcs11 -new -key "pkcs11: model=SoftHSM% 20v2;manufactur er=SoftHSM% 20project; serial= 148c784165ed428 b;token= test-token; id=%96% 7F%20%F2% 98%18%D7% 15%3D%AF% 87%AB%EC% 09%25%C5% 14%51%2E% E1;object= test-key; type=private; pin-value= 1234" -out test-key.req -text -x509 -subj "/CN=n-hsm.lxd"
Segmentation fault (core dumped)
# l test-key.req
-rw-r--r-- 1 root root 4.3K Mar 6 20:18 test-key.req
Still, with just pkcs11sign, and no pkcs11, it still didn't work.
UPDATE2: the stat on the pkcs11 URI as a file also happens with the pkcs11 provider, so it's probably unrelated (like an attempt: is it a file? No? Ok, is it something else? And so on)