[Swan] libreswan smartcards unexpected side effects
Paul Wouters
paul at nohats.ca
Mon May 2 22:22:52 EEST 2022
On Fri, 29 Apr 2022, Ian Willis wrote:
> So far it appears to just be the card reader itself which causes the issue.
> It also appears to cause issues with Firefox which becomes unresponsive even
> after the card reader is removed.
See /etc/crypto-policies/local.d/nss-p11-kit.config:

    name=p11-kit-proxy
    library=p11-kit-proxy.so

It is p11-kit-proxy that pulls in the "system defaults" I believe.
My guess is if you delete/rename that file, it should no longer try
to any hardware within libreswan (or other nss apps!)
Paul
> [34032.370329] usb 1-2.1.3: new full-speed USB device number 17 using
> xhci_hcd
> [34032.631033] usb 1-2.1.3: New USB device found, idVendor=096e,
> idProduct=060d, bcdDevice= 3.52
> [34032.631036] usb 1-2.1.3: New USB device strings: Mfr=1, Product=2,
> SerialNumber=3
> [34032.631038] usb 1-2.1.3: Product: R502
> [34032.631039] usb 1-2.1.3: Manufacturer: Feitian
> [34032.631040] usb 1-2.1.3: SerialNumber: F6325B88290000F5
> [34066.200951] usb 1-2.1.3: USB disconnect, device number 17
>
> Currently looking through https://access.redhat.com/articles/4253861 to gain
> a bit more insight on this and will probably just use an alternative reader.
>
>
>
> Kind Regards
>
> -----Original Message-----
> From: Paul Wouters <paul at nohats.ca>
> To: Ian Willis <ian at checksum.net.au>
> Cc: Swan at lists.libreswan.org
> Subject: Re: [Swan] libreswan smartcards unexpected side effects
> Date: Thu, 28 Apr 2022 22:37:27 +0200
>
> There is an nss automatic hardware module loader config that makes system wide
> hooks available in nss that can be disabled in /etc with some option but I
> don’t remember exactly which one and a quick google didn’t help me. I ran into
> it when I installed open dnssec that installed softhsm and then Pluto’s nss
> also read it the softhsm stored as part of nss.
>
> Sent using a virtual keyboard on a phone
>
> On Apr 28, 2022, at 16:34, Ian Willis <ian at checksum.net.au> wrote:
>
>
>
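The check and rename suggested in the reply above, as an added example that is not part of the original thread or of libreswan: it lists the `name=`/`library=` stanzas found in a local.d-style directory and renames any file that loads a given library. The function names, the `.disabled` suffix and the second sample file are assumptions; the directory is an argument so the functions can be tried on a copy first.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# Print one line per module stanza: file<TAB>name<TAB>library
list_nss_modules() {
    dir=$1
    for f in "$dir"/*.config; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            function emit() {
                if (name != "" || lib != "") printf "%s\t%s\t%s\n", file, name, lib
                name = ""; lib = ""
            }
            /^[ \t]*name=/    { emit(); sub(/^[ \t]*name=/, ""); name = $0; next }
            /^[ \t]*library=/ { sub(/^[ \t]*library=/, ""); lib = $0; next }
            /^[ \t]*$/        { emit() }
            END               { emit() }
        ' "$f"
    done
}

# Rename every file that loads library $2 so it no longer matches *.config
# but can be restored later. Prints the new path of each renamed file.
disable_nss_module() {
    dir=$1 lib=$2
    list_nss_modules "$dir" |
    awk -F '\t' -v lib="$lib" '$3 == lib { print $1 }' | sort -u |
    while IFS= read -r f; do
        mv -- "$f" "$f.disabled" && printf '%s\n' "$f.disabled"
    done
}

# Constructed sample directory: the stanza quoted in the reply plus a
# made-up second module that should be left alone.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'name=p11-kit-proxy\nlibrary=p11-kit-proxy.so\n' > "$d/nss-p11-kit.config"
    printf 'name=example-token\nlibrary=libexample.so\n' > "$d/other.config"
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
list_nss_modules "$sample"                       # both stanzas
disable_nss_module "$sample" p11-kit-proxy.so    # renames nss-p11-kit.config
list_nss_modules "$sample"                       # only the made-up module remains
rm -rf "$sample"
```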