Activity log for bug #1970943

| Date | Who | What changed | Old value | New value | Message |
| --- | --- | --- | --- | --- | --- |
| 2022-04-29 13:35:51 | Lorenz Schwittmann | bug | | | added bug |
| 2022-04-29 13:36:46 | Lorenz Schwittmann | affects | file (Ubuntu) | pkcs11-helper (Ubuntu) | |
| 2022-05-12 16:49:58 | Launchpad Janitor | pkcs11-helper (Ubuntu): status | New | Confirmed | |
| 2022-05-17 20:58:38 | Brian Murray | tags | upgrade-software-version | rls-jj-incoming upgrade-software-version | |
| 2022-05-18 13:39:49 | Sebastien Bacher | pkcs11-helper (Ubuntu): importance | Undecided | High | |
| 2022-05-18 13:39:49 | Sebastien Bacher | pkcs11-helper (Ubuntu): status | Confirmed | Fix Committed | |

2022-05-18 13:52:06 | Sebastien Bacher | description

Old value:

Ubuntu 22.04 LTS

When using an openvpn configuration which uses a smartcard based authentication via "pkcs11-id" and "pkcs11-providers" the connection fails:

    2022-04-29 14:07:18 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
    2022-04-29 14:07:18 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
    2022-04-29 14:07:18 PKCS#11: Adding PKCS#11 provider '/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'
    2022-04-29 14:07:19 TCP/UDP: Preserving recently used remote address: [AF_INET6]XXXXXXXXXXXXX:1194
    2022-04-29 14:07:19 Socket Buffers: R=[212992->212992] S=[212992->212992]
    2022-04-29 14:07:19 UDP link local: (not bound)
    2022-04-29 14:07:19 UDP link remote: [AF_INET6]XXXXXXXXXXXXX:1194
    2022-04-29 14:07:19 TLS: Initial packet from [AF_INET6]XXXXXXXXXXXXX:1194, sid=xxxxx xxxx
    2022-04-29 14:07:19 VERIFY OK: depth=1, CN=xxxxxxxxxxxx
    2022-04-29 14:07:19 VERIFY KU OK
    2022-04-29 14:07:19 Validating certificate extended key usage
    2022-04-29 14:07:19 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2022-04-29 14:07:19 VERIFY EKU OK
    2022-04-29 14:07:19 VERIFY OK: depth=0, CN=xxxxxxxxxxxxx
    2022-04-29 14:07:19 OpenSSL: error:020000B3:rsa routines::missing private key
    2022-04-29 14:07:19 OpenSSL: error:1C880004:Provider routines::RSA lib
    2022-04-29 14:07:19 OpenSSL: error:0A080006:SSL routines::EVP lib
    2022-04-29 14:07:19 TLS_ERROR: BIO read tls_read_plaintext error
    2022-04-29 14:07:19 TLS Error: TLS object -> incoming plaintext read error
    2022-04-29 14:07:19 TLS Error: TLS handshake failed
    2022-04-29 14:07:19 SIGUSR1[soft,tls-error] received, process restarting
    2022-04-29 14:07:19 Restart pause, 5 second(s)

The same problem has been reported upstream at https://github.com/OpenSC/pkcs11-helper/issues/52 which resulted in a fix. I've downloaded and built pkcs11-helper version 1.29.0 and it fixed the problem indeed.

TLDR: please update pkcs11-helper

New value:

* Impact

When using an openvpn configuration which uses a smartcard based authentication via "pkcs11-id" and "pkcs11-providers" the connection fails

* Test case

Try to connect to a server using OpenVPN with smartcard authentication

* Regression potential

libpkcs11-helper1 is only used by openvpn in the archive so focus the testing on openvpn + smartcards setups

-----------------------------------

Ubuntu 22.04 LTS

    2022-04-29 14:07:18 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
    2022-04-29 14:07:18 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
    2022-04-29 14:07:18 PKCS#11: Adding PKCS#11 provider '/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'
    2022-04-29 14:07:19 TCP/UDP: Preserving recently used remote address: [AF_INET6]XXXXXXXXXXXXX:1194
    2022-04-29 14:07:19 Socket Buffers: R=[212992->212992] S=[212992->212992]
    2022-04-29 14:07:19 UDP link local: (not bound)
    2022-04-29 14:07:19 UDP link remote: [AF_INET6]XXXXXXXXXXXXX:1194
    2022-04-29 14:07:19 TLS: Initial packet from [AF_INET6]XXXXXXXXXXXXX:1194, sid=xxxxx xxxx
    2022-04-29 14:07:19 VERIFY OK: depth=1, CN=xxxxxxxxxxxx
    2022-04-29 14:07:19 VERIFY KU OK
    2022-04-29 14:07:19 Validating certificate extended key usage
    2022-04-29 14:07:19 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
    2022-04-29 14:07:19 VERIFY EKU OK
    2022-04-29 14:07:19 VERIFY OK: depth=0, CN=xxxxxxxxxxxxx
    2022-04-29 14:07:19 OpenSSL: error:020000B3:rsa routines::missing private key
    2022-04-29 14:07:19 OpenSSL: error:1C880004:Provider routines::RSA lib
    2022-04-29 14:07:19 OpenSSL: error:0A080006:SSL routines::EVP lib
    2022-04-29 14:07:19 TLS_ERROR: BIO read tls_read_plaintext error
    2022-04-29 14:07:19 TLS Error: TLS object -> incoming plaintext read error
    2022-04-29 14:07:19 TLS Error: TLS handshake failed
    2022-04-29 14:07:19 SIGUSR1[soft,tls-error] received, process restarting
    2022-04-29 14:07:19 Restart pause, 5 second(s)

The same problem has been reported upstream at https://github.com/OpenSC/pkcs11-helper/issues/52 which resulted in a fix. I've downloaded and built pkcs11-helper version 1.29.0 and it fixed the problem indeed.

TLDR: please update pkcs11-helper

| Date | Who | What changed | Old value | New value | Message |
| --- | --- | --- | --- | --- | --- |
| 2022-05-18 18:27:16 | Launchpad Janitor | pkcs11-helper (Ubuntu): status | Fix Committed | Fix Released | |
| 2022-05-24 23:12:40 | Brian Murray | pkcs11-helper (Ubuntu Jammy): status | New | Fix Committed | |
| 2022-05-24 23:12:42 | Brian Murray | bug | | | added subscriber Ubuntu Stable Release Updates Team |
| 2022-05-24 23:12:44 | Brian Murray | bug | | | added subscriber SRU Verification |
| 2022-05-24 23:12:46 | Brian Murray | tags | rls-jj-incoming upgrade-software-version | rls-jj-incoming upgrade-software-version verification-needed verification-needed-jammy | |
| 2022-05-25 08:28:27 | Lorenz Schwittmann | tags | rls-jj-incoming upgrade-software-version verification-needed verification-needed-jammy | rls-jj-incoming upgrade-software-version verification-done-jammy verification-needed | |
| 2022-05-30 07:37:14 | Sebastien Bacher | tags | rls-jj-incoming upgrade-software-version verification-done-jammy verification-needed | upgrade-software-version verification-done verification-done-jammy | |
| 2022-06-01 01:38:42 | Chris Halse Rogers | removed subscriber Ubuntu Stable Release Updates Team | | | |
| 2022-06-01 01:41:33 | Launchpad Janitor | pkcs11-helper (Ubuntu Jammy): status | Fix Committed | Fix Released | |