Ticket #29 (reopened enhancement)

Opened 3 years ago

Last modified 11 months ago

reader hotplugging

Reported by: martin Owned by: devel
Priority: normal Milestone: Someday
Component: opensc Version: devel
Severity: major Keywords: reader hotplug
Cc:

Description

Currently opensc operates with some blue-eyed assumptions - like readers are static. I describe a stiuation: 1) You open mozilla, where opensc pkcs11 module is configured on a computer that has no reader attached 2) You visit some https pages, the pkcs11 module gets loaded and discoveres that there are no readers and fails 3) you then connect a reader and try to visit some page that needs authentication via pkcs11 module - you fail.

This is not acceptable. Very often people see that everything is OK as the module is loaded when there actually IS a reader connected to the computer. In that case you can remove the reader, press ctrl-r on the page that needs authentication, fail with mozilla error, reconnect the reader and press ctrl-r and get a correct page again. But if you change the reader (the name changes in case you use pcsc) pkcs11 module fails again.

Currently even loading the module fails if you have no readers configured - this can be worked around in slot.c and ctx.c - a context can be created even with no readers found and

Any design tips to fix this ?

Change History

Changed 3 years ago by martin

  • priority changed from normal to high

Changed 2 years ago by martin

  • priority changed from high to normal
  • type changed from defect to enhancement
  • milestone set to Someday

As more and more people use laptops and hotplugging is a normal activity, we need to make sure that opensc (or our pkcs#11 module) can live in such environment. The main usecase would be a single reader being plugged and unplugged several times during the lifecycle of the loaded module. 95% of end-users have a single reader they want to plug and unplug rather than have 3 different readers via 3 different subsystems (openct, ctapi, pcsc) that should work all the time. So we should make sure that we can:

  • load the module with no readers connected into firefox
  • connect the reader later on
  • insert a card and use it to do SSL
  • remove the reader and replace it with another one
  • still use the card.

Changed 17 months ago by aj

  • status changed from new to closed
  • resolution set to invalid

openct works with virtual readers. drivers on windows too. pcsc ifdhandlers should have the same assumption. thus not an opensc bug.

Changed 16 months ago by martin

  • status changed from closed to reopened
  • resolution invalid deleted

This is mostly a problem with pkcs11 and has more information (especially about virtual readers/slots) @ http://www.opensc-project.org/pipermail/opensc-devel/2007-April/009736.html

Preallocation of slots is a standard technique to support hotplugging. Before PKCS #11 2.20, PKCS #11 modules were not allowed to change their slot count between C_Initialize and C_Finalize. Even after PKCS #11 2.20, applications don't always query the module once it's initialized to see if more slots have been added (slots can still never all go away).

As I said - it is not a defect, it is an enhancement. OpenSC operates on top of readers and ifdhandlers and it should always work, no matter how the drivers are implemented. Currently the scenario described here does not. So the issue is perfectly valid.

Changed 11 months ago by martin

Also see #168

Note: See TracTickets for help on using tickets.