Hi Team,
Can you pls review below details/behavior and suggest me how to address ?
libp11 : libp11-0.4.17
libckteec.so : From vendor
OpenSSL : 3.0.15
Curl : 7.82.0
testscript:
#!/bin/sh
while true; do
curl --key "pkcs11:id=%26;type=private" --cert /tmp/cert.pem https://<mtsl_enabled_endpoint>
if [ $? -ne 0 ]; then
echo "not success"
exit 1
fi
done
On the device, pkcs11 engine from libp11 is loaded. Then running the above script from two different terminal/shell session in parallel.
The script(s) have been started then working as expected later after some iterations one script fails which returns PKCS11_get_private_key returned NULL. It looks to me thread-safe is NOT working where observing concurrency issue.
Queries on the above observation:
-> Is this expected in PKCS11 context as a limitation where two parallel process unable to access private key from the pkcs11 token?
-> Or Do we see any limitation from vendor delivery (libckteec.so)?
Pls share your inputs. Thanks.
Regards,
Murali.S
Hi Team,
Can you pls review below details/behavior and suggest me how to address ?
libp11 : libp11-0.4.17
libckteec.so : From vendor
OpenSSL : 3.0.15
Curl : 7.82.0
testscript:
#!/bin/sh
while true; do
curl --key "pkcs11:id=%26;type=private" --cert /tmp/cert.pem https://<mtsl_enabled_endpoint>
if [ $? -ne 0 ]; then
echo "not success"
exit 1
fi
done
On the device, pkcs11 engine from libp11 is loaded. Then running the above script from two different terminal/shell session in parallel.
The script(s) have been started then working as expected later after some iterations one script fails which returns PKCS11_get_private_key returned NULL. It looks to me thread-safe is NOT working where observing concurrency issue.
Queries on the above observation:
-> Is this expected in PKCS11 context as a limitation where two parallel process unable to access private key from the pkcs11 token?
-> Or Do we see any limitation from vendor delivery (libckteec.so)?
Pls share your inputs. Thanks.
Regards,
Murali.S