[Opendnssec-user] after upgrading to 1.1.2: Error initializing libhsm

Rickard Bellgrim rickard.bellgrim at iis.se
Fri Sep 24 08:58:00 UTC 2010


On 8 sep 2010, at 10.38, Gilles Massen wrote:

> #bin/ods-hsmutil test keyper
> Testing repository: keyper
> 
> Generating 512-bit RSA key...
> answer.GetCall(KEYGEN2) failed; error 1208Failed
> hsm_get_slot_id(): could not find token with the name My Token 1
> [...]
> 
> 'My Token 1' is a token associated with the repository 'softHSM', not
> 'keyper'. The fail is correct for the keyper, though (512 bit not
> supported).

It should now be fixed in r4005 in trunk.

The problem was that the function hsm_get_slot_id() returns 0 upon an error. But 0 is a valid slot id and the calling function continues and connects to slot 0. In your case there was probably a slot 0 in SoftHSM, and the initialization process went well. The error message from hsm_get_slot_id() was still stored in the context and then read back when you hit the second error. Which should have been about the key generation failure.

Now the initialization process returns an error if a token is not found.

// Rickard




More information about the Opendnssec-user mailing list