Comment 4 for bug 645576

Revision history for this message
David Smith (dds) wrote :

How to reproduce, given a wpasupplicant configuration that uses PKCS#11 to use the TPM for private key:
  - Connect to the network once, ensure a normal connection is possible.
  - Kill the opencryptoki pkcsslotd process (send SIGKILL; it ignores SIGTERM while in use).
  - Start a new opencryptoki pkcsslotd process.
  - Attempt to reconnect to the same network.

Expected behavior:
  - wpasupplicant should unload the PKCS#11 openssl engine library and reload it for the reconnection attempt.
  - The connection should succeed.

Observed behavior:
  - wpasupplicant unloads the PKCS#11 openssl engine library and reloads it for the reconnection attempt.
  - Immediately after wpasupplicant loads the PKCS#11 openssl engine library, it fails to load the private key.

The failure to load the private key was debugged back to failure in the opencryptoki TPM library to load the private root key. The private key fails to load because the session object opencryptoki uses to load the key into the TPM is stale, left over from the first session.