Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS
2016-Dec-07 21:20 UTC
[CentOS] CentOS 6, firefox, PIV cards
m.roth at 5-cent.us further wrote: ############## m.roth at 5-cent.us wrote:> Hi, folks, > > Up until a few weeks ago, it worked as it has been for years: firefox, > security device is libcoolkey, and pcscd. > > Today, I go to use it (I have done updates sine I last used it), and > try preferences->advanced->certificates, and it hangs. My most recent > try was for over 20 min. If you move something over the window, then > move it away, it's a blank window. Pull out the card, and *some* of the > time, it pops up the window showing no certs, having never asked for a > PIN. The rest of the time, firefox crashes, hard. > > I know the pcscd part works - I used it via a script this morning from > the command line, as does pkcs15-tool from the command line. > > Anyone got any clues? Maybe I should downgrade (if I can) firefox? >Additional info: I tried bringing up firefox with two other profiles. One didn't have coolkey as a security device, but when I tried to add it, it responded with "cannot add module". Yet a third profile, that had both libcoolky and the older onepin, and that popped up a window saying I needed to authenticate, sat there with no way to put a pin in, then, when I pulled the card, it flashed the popup window with my certs. Yes, at this time, I'm looking at issues with firefox. So - has anyone else had this problem? mark ################# Not yet had the issue(s) but I do have some questions: 1) is this with the same physical PIV that you have been using "Up until a few weeks ago", that is did you (or the affected person) get a new PIV recently? 1a) does firefox have the certificate authorities loaded which cover the card in question (make sure to trace back to the root CA, there have been changes)? 2) have you tried just `yum downgrade firefox` and see if it works? 2a) I would be tempted to do something on the order of `rpm -qa --last |head -50` and then for each package seen there do an rpm -q --verify (syntax unsure) on them to be sure all the packages got installed correctly. 3) same as (2) but with recent nss|coolkey|pcscd updates? 4) interrupted updates? i.e., `yum complete-transaction` (sp???) `yum reinstall firefox nss coolkey pcscd` Even when this disclaimer is not here: I am not a contracting officer. I do not have authority to make or modify the terms of any contract.
Hi, Todd, Denniston, Todd A CIV NAVSURFWARCENDIV Crane, JXVS wrote:> m.roth at 5-cent.us further wrote: > ############## > m.roth at 5-cent.us wrote: >> >> Up until a few weeks ago, it worked as it has been for years: >> firefox,security device is libcoolkey, and pcscd. >> >> Today, I go to use it (I have done updates sine I last used it), and >> try preferences->advanced->certificates, and it hangs. My most recent >> try was for over 20 min. If you move something over the window, then >> move it away, it's a blank window. Pull out the card, and *some* of the >> time, it pops up the window showing no certs, having never asked for a >> PIN. The rest of the time, firefox crashes, hard. >> >> I know the pcscd part works - I used it via a script this morning >> from the command line, as does pkcs15-tool from the command line. >> >> Anyone got any clues? Maybe I should downgrade (if I can) firefox?<snip> Before I start, let me say it was resolved - my manager has a script that does something to the profiles (which I need to look at). There's a good chance that the Chain of Authorities had either expired, or gotten hosed somehow (that's my guess).> Not yet had the issue(s) but I do have some questions: > 1) is this with the same physical PIV that you have been using "Up until a > few weeks ago", that is did you (or the affected person) get a new PIV > recently?Yes.> 1a) does firefox have the certificate authorities loaded which cover the > card in question (make sure to trace back to the root CA, there have been > changes)?It used to.> > 2) have you tried just `yum downgrade firefox` and see if it works?Tried that. <snip>> 4) interrupted updates? i.e., `yum complete-transaction` (sp???) `yum > reinstall firefox nss coolkey pcscd` >Shouldn't have been any... though I did an update, and forgot to disableexcludes, since I didn't feel like screwing with rebuilding my NVidia driver.> Even when this disclaimer is not here: > I am not a contracting officer. I do not have authority to make or modify > the terms of any contract.Yeah, me neither. mark