Cert based client auth with Lithuanian National ID cards fails with sec_error_pkcs11_device_error

UNCONFIRMED
Unassigned

Status

NSS
Libraries
P3
normal
UNCONFIRMED
2 years ago
4 months ago

People

(Reporter: ZaltysZ, Unassigned)

Tracking

(Blocks: 1 bug)

3.20.2

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20160105164030

Steps to reproduce:

Environment (tried within, not necessary required):

Lithuanian national ID card (gemalto chip based)
Windows Vita, 7, 10
Firefox version from 27.0 to 43.0
PKCS11 module loaded into Firefox from CryptoCard Suite 2 (CryptoTech) or Classic Client (Gemalto)

Steps:
Open web page which requires cert based client authentication (i.e. https://ib.swedbank.lt)
Try to authenticate by entering PIN when asked and choosing cert from card when asked


Actual results:

Firefox shows:
Secure Connection Failed
An error occurred during a connection to ib.swedbank.lt:8080. A PKCS #11 module returned CKR_DEVICE_ERROR, indicating that a problem has occurred with the token or slot. (Error code: sec_error_pkcs11_device_error) 


Expected results:

Successful authentication and redirection to protected pages.

This is how it worked before Firefox 27.0

Updated

2 years ago
Assignee: nobody → nobody
Component: Untriaged → Libraries
Product: Firefox → NSS
Version: 43 Branch → 3.20.2

Updated

4 months ago
Blocks: 1399364
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.