[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pkinit integration with smart card

To: malexander@kcp.com
Subject: Re: pkinit integration with smart card
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Wed, 6 Sep 2006 21:09:54 +0200
Cc: "Douglas E. Engert" <deengert@anl.gov>, heimdal-discuss@sics.se
In-Reply-To: <D26274B6-3209-49FC-BE48-96F83179EDEA@kth.se>
References: <OF695DD729.30DB4AD4-ON862571E1.00533478-862571E1.00539231@kcp.com> <D26274B6-3209-49FC-BE48-96F83179EDEA@kth.se>
Sender: owner-heimdal-discuss@sics.se

> that error is HX509_CMS_NO_RECIPIENT_CERTIFICATE and it means that the
> CMS lib doesn't find the certificate that made the signature/ 
> encryption. I assume
> DH is used, so that would be signature then.
>
> I need to add more debug message to figure out, but inf you can run  
> gdb on kinit
> and try to figure out why find_CMSIdentifier() doesn't find the  
> certificate (if its even passed
> back from the KDC).

I've sprinked some more error message, tonight snapshot will  
hopefully tell you whats missing
if I got the bridge between hx509 and krb5 libs right. hxtool now  
tells me this on the same type
of failure:

$ hxtool cms-verify-sd .... test-signed-data-noattr-nocerts sd.data.out
hxtool: hx509_cms_verify_signed: Failed to find cert issued by  
C=SE,CN=hx509 Test Root CA with serial number 02

Love

References:
- Re: pkinit integration with smart card
  - From: malexander@kcp.com
- Re: pkinit integration with smart card
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: pkinit integration with smart card
Next by Date: bazaar: krb5_fcc_ops has get_cache_first/next/end set
Prev by thread: Re: pkinit integration with smart card
Next by thread: Re: pkinit integration with smart card
Index(es):
- Date
- Thread