[Bug 1970943] Re: OpenVPN connection fails with smartcard provided private key; please update pkcs11-helper

Brian Murray 1970943 at bugs.launchpad.net
Tue May 24 23:12:47 UTC 2022


Hello Lorenz, or anyone else affected,

Accepted pkcs11-helper into jammy-proposed. The package will build now
and be available at
https://launchpad.net/ubuntu/+source/pkcs11-helper/1.28-1ubuntu0.22.04.1
in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from
verification-needed-jammy to verification-done-jammy. If it does not fix
the bug for you, please add a comment stating that, and change the tag to
verification-failed-jammy. In either case, without details of your
testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: pkcs11-helper (Ubuntu Jammy)
       Status: New => Fix Committed

** Tags added: verification-needed verification-needed-jammy

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pkcs11-helper in Ubuntu.
https://bugs.launchpad.net/bugs/1970943

Title:
  OpenVPN connection fails with smartcard provided private key; please
  update pkcs11-helper

Status in pkcs11-helper package in Ubuntu:
  Fix Released
Status in pkcs11-helper source package in Jammy:
  Fix Committed

Bug description:
  * Impact

  When using an openvpn configuration which uses smartcard-based
  authentication via "pkcs11-id" and "pkcs11-providers", the connection
  fails.

  * Test case

  Try to connect to a server using OpenVPN with smartcard
  authentication

  * Regression potential

  libpkcs11-helper1 is only used by openvpn in the archive so focus the
  testing on openvpn + smartcards setups

  -----------------------------------

  Ubuntu 22.04 LTS

  
  2022-04-29 14:07:18 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
  2022-04-29 14:07:18 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
  2022-04-29 14:07:18 PKCS#11: Adding PKCS#11 provider '/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'
  2022-04-29 14:07:19 TCP/UDP: Preserving recently used remote address: [AF_INET6]XXXXXXXXXXXXX:1194
  2022-04-29 14:07:19 Socket Buffers: R=[212992->212992] S=[212992->212992]
  2022-04-29 14:07:19 UDP link local: (not bound)
  2022-04-29 14:07:19 UDP link remote: [AF_INET6]XXXXXXXXXXXXX:1194
  2022-04-29 14:07:19 TLS: Initial packet from [AF_INET6]XXXXXXXXXXXXX:1194, sid=xxxxx xxxx
  2022-04-29 14:07:19 VERIFY OK: depth=1, CN=xxxxxxxxxxxx
  2022-04-29 14:07:19 VERIFY KU OK
  2022-04-29 14:07:19 Validating certificate extended key usage
  2022-04-29 14:07:19 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
  2022-04-29 14:07:19 VERIFY EKU OK
  2022-04-29 14:07:19 VERIFY OK: depth=0, CN=xxxxxxxxxxxxx
  2022-04-29 14:07:19 OpenSSL: error:020000B3:rsa routines::missing private key
  2022-04-29 14:07:19 OpenSSL: error:1C880004:Provider routines::RSA lib
  2022-04-29 14:07:19 OpenSSL: error:0A080006:SSL routines::EVP lib
  2022-04-29 14:07:19 TLS_ERROR: BIO read tls_read_plaintext error
  2022-04-29 14:07:19 TLS Error: TLS object -> incoming plaintext read error
  2022-04-29 14:07:19 TLS Error: TLS handshake failed
  2022-04-29 14:07:19 SIGUSR1[soft,tls-error] received, process restarting
  2022-04-29 14:07:19 Restart pause, 5 second(s)

  The same problem has been reported upstream at
  https://github.com/OpenSC/pkcs11-helper/issues/52 which resulted in a
  fix.

  I've downloaded and built pkcs11-helper version 1.29.0 and it fixed
  the problem indeed.

  TLDR: please update pkcs11-helper

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pkcs11-helper/+bug/1970943/+subscriptions



