Bug 212517 - security/openconnect: PKCS#11 support
Summary: security/openconnect: PKCS#11 support
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ryan Steinmetz
Depends on:
Reported: 2016-09-09 11:44 UTC by dwmw2
Modified: 2018-01-11 13:49 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (zi)


Note You need to log in before you can comment on or make changes to this bug.
Description dwmw2 2016-09-09 11:44:48 UTC
This should work:

# pkg install softhsm2
# softhsm2-util --init-token --slot 0 --label mytoken --pin 1234 --so-pin 12345678
# yes "" | openssl req -x509 -new -days 3650 -out cert.pem -nodes
# softhsm2-util --import privkey.pem --slot 0 --pin 1234 --label mykey --id 01
# openconnect -c cert.pem -k 'pkcs11:token=mytoken;object=mykey;pin-value=1234' auth.startssl.com

It fails with 
This version of OpenConnect was built without PKCS#11 support

Firstly, please build with libp11 support (or against GnuTLS) by default. That'll fix the complete lack of PKCS#11 support. But then you will hit the problem that the softhsm2 — like the OpenSC package and others — fails to install a p11-kit module file to register itself to be available to applications. Should we file separate bugs for those?
Comment 1 dwmw2 2016-09-09 11:54:42 UTC
Filed bug 212518 for the softhsm2 part.
Comment 2 Walter Schwarzenfeld freebsd_triage 2018-01-08 13:35:48 UTC
PR #212518 is fixed.
Comment 3 Ryan Steinmetz freebsd_committer freebsd_triage 2018-01-11 01:13:20 UTC
(In reply to dwmw2 from comment #0)
Did you build security/openconnect with the P11 option enabled?  By default (and in the package) it is disabled.
Comment 4 Walter Schwarzenfeld freebsd_triage 2018-01-11 04:42:34 UTC
Was the wrong statement. I only want know what's happend with this PR.
Maintainer feedback?
Comment 5 Ryan Steinmetz freebsd_committer freebsd_triage 2018-01-11 13:49:41 UTC
(In reply to w.schwarzenfeld from comment #4)
Not sure what you are asking.