[Swan] libreswan smartcards unexpected side effects

Paul Wouters paul at nohats.ca
Mon May 2 22:22:52 EEST 2022


On Fri, 29 Apr 2022, Ian Willis wrote:

> So far it appears to just be the card reader itself which causes the issue.
> It also appears to cause issues with Firefox which becomes unresponsive even
> after the card reader is removed.

See /etc/crypto-policies/local.d/nss-p11-kit.config

name=p11-kit-proxy
library=p11-kit-proxy.so

It is p11-kit-proxy that pulls in the "system defaults" I believe.
My guess is if you delete/rename that file, it should no longer try
to access any hardware within libreswan (or other nss apps!)

Paul


> [34032.370329] usb 1-2.1.3: new full-speed USB device number 17 using xhci_hcd
> [34032.631033] usb 1-2.1.3: New USB device found, idVendor=096e, idProduct=060d, bcdDevice= 3.52
> [34032.631036] usb 1-2.1.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
> [34032.631038] usb 1-2.1.3: Product: R502
> [34032.631039] usb 1-2.1.3: Manufacturer: Feitian
> [34032.631040] usb 1-2.1.3: SerialNumber: F6325B88290000F5
> [34066.200951] usb 1-2.1.3: USB disconnect, device number 17
> 
> Currently looking through https://access.redhat.com/articles/4253861 to gain
> a bit more insight on this and will probably just use an alternative reader.
> 
> 
> 
> Kind Regards
> 
> -----Original Message-----
> From: Paul Wouters <paul at nohats.ca>
> To: Ian Willis <ian at checksum.net.au>
> Cc: Swan at lists.libreswan.org
> Subject: Re: [Swan] libreswan smartcards unexpected side effects
> Date: Thu, 28 Apr 2022 22:37:27 +0200
> 
> There is an nss automatic hardware module loader config that makes system
> wide hooks available in nss that can be disabled in /etc with some option
> but I don’t remember exactly which one and a quick google didn’t help me.
> I ran into it when I installed open dnssec that installed softhsm and then
> Pluto’s nss also read it the softhsm stored as part of nss.
> 
> Sent using a virtual keyboard on a phone
> 
> On Apr 28, 2022, at 16:34, Ian Willis <ian at checksum.net.au> wrote:
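
An added example, not part of the original message or of libreswan's own tooling: a shell check that lists which PKCS#11 modules config fragments like the nss-p11-kit.config file named in the reply register for NSS, and reports whether p11-kit-proxy.so is among them. The `nss-*.config` glob, the blank-line stanza separation and the function names are assumptions; the sample file is constructed from the two lines quoted in the reply.

```shell
#!/bin/sh
# Added example: list the PKCS#11 modules that NSS config fragments register.
# Assumptions: fragments use the "name=" / "library=" lines quoted in the
# message, stanzas are separated by blank lines, and the nss-*.config glob
# and function names are illustrative.

# list_nss_modules [DIR]: print "file<TAB>name<TAB>library" for each stanza.
list_nss_modules() {
    dir=${1:-/etc/crypto-policies/local.d}
    for f in "$dir"/nss-*.config; do
        [ -f "$f" ] || continue            # unmatched glob or not a file
        awk -v file="$f" '
            function emit() {
                if (name != "" || lib != "")
                    printf "%s\t%s\t%s\n", file, name, lib
                name = ""; lib = ""
            }
            /^[ \t]*#/        { next }              # comment line
            /^[ \t]*$/        { emit(); next }      # blank line ends a stanza
            /^[ \t]*name=/    { if (name != "") emit()
                                sub(/^[ \t]*name=/, ""); name = $0; next }
            /^[ \t]*library=/ { sub(/^[ \t]*library=/, ""); lib = $0; next }
            END               { emit() }
        ' "$f"
    done
}

# uses_p11_kit_proxy [DIR]: exit 0 if any stanza loads p11-kit-proxy.so.
uses_p11_kit_proxy() {
    list_nss_modules "$1" |
        awk -F '\t' '$3 == "p11-kit-proxy.so" { found = 1 } END { exit !found }'
}

# Demo on a constructed sample directory (not the live /etc tree).
demo=$(mktemp -d)
printf 'name=p11-kit-proxy\nlibrary=p11-kit-proxy.so\n' > "$demo/nss-p11-kit.config"
list_nss_modules "$demo"
if uses_p11_kit_proxy "$demo"; then
    echo "p11-kit-proxy is registered for NSS applications"
fi
rm -rf "$demo"
```

Called without an argument, both functions read /etc/crypto-policies/local.d; a fragment renamed so it no longer matches the glob drops out of the listing.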

