[Bug 1648634] [NEW] opencryptoki breaks p11-kit
dwmw2
dwmw2 at infradead.org
Thu Dec 8 21:33:59 UTC 2016
Public bug reported:
When opencryptoki is installed, it creates a symlink from /etc/pkcs11 to
/var/lib/opencryptoki, which is readable only by root.
This means that anything using p11-kit to find the PKCS#11 modules which
are configured to be available in the system (which is basically any
well-behaved application) now breaks:
$ openconnect -c 'pkcs11:token=eToken;id=%01' server.example.com
POST https://server.example.com/
Attempting to connect to server [fec0::1]:443
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied
Error loading certificate from PKCS#11: PKCS #11 initialization error.
Loading certificate failed. Aborting.
$ p11tool --list-tokens
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied
pkcs11_init: PKCS #11 initialization error.
** Affects: opencryptoki (Ubuntu)
Importance: Undecided
Status: New
** Affects: p11-kit (Ubuntu)
Importance: Undecided
Status: New
** Also affects: p11-kit (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to p11-kit in Ubuntu.
https://bugs.launchpad.net/bugs/1648634
Title:
opencryptoki breaks p11-kit
Status in opencryptoki package in Ubuntu:
New
Status in p11-kit package in Ubuntu:
New
Bug description:
When opencryptoki is installed, it creates a symlink from /etc/pkcs11
to /var/lib/opencryptoki, which is readable only by root.
This means that anything using p11-kit to find the PKCS#11 modules
which are configured to be available in the system (which is basically
any well-behaved application) now breaks:
$ openconnect -c 'pkcs11:token=eToken;id=%01' server.example.com
POST https://server.example.com/
Attempting to connect to server [fec0::1]:443
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied
Error loading certificate from PKCS#11: PKCS #11 initialization error.
Loading certificate failed. Aborting.
$ p11tool --list-tokens
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied
pkcs11_init: PKCS #11 initialization error.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1648634/+subscriptions
More information about the foundations-bugs
mailing list