Le 01/06/2021 à 02:45, Maurizio Avogadro a écrit :
Package: pcscd
Version: 1.9.1-1
Severity: important
Dear Maintainer,
Hello,
when adding a Bit4ID miniLector CIE Plus smartcard reader to nssdb, Chromium
becomes unable to connect to SSL websites.
The reader, actually a rebranded FEITIAN R502-Dual, has 4 slots: contactless,
contact and 2 SAM slots well hidden under the device; as stated by the user
manual, the SAM slots don't support hotplug and the SIM cards should be
inserted before plugging the reader to the USB port.
The pcscd log shows that the daemon is constantly trying to power on some card
(the empty SAM slots?) and this introduces a huge delay that easily makes the
browser reach the timeout.
As you can see from the pcsc_scan output:
$ pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: BIT4ID mLector AIR DI V3 [miniLector AIR DI v3 CLESS] 00 00
1: BIT4ID mLector AIR DI V3 [miniLector AIR DI v3 Contact] 01 00
2: BIT4ID mLector AIR DI V3 [miniLector AIR DI v3 SAM1] 02 00
3: BIT4ID mLector AIR DI V3 [miniLector AIR DI v3 SAM2] 03 00
Tue Jun 1 01:28:51 2021
Reader 0: BIT4ID mLector AIR DI V3 [miniLector AIR DI v3 CLESS] 00 00
Event number: 0
Card state: Card removed,
Reader 1: BIT4ID mLector AIR DI V3 [miniLector AIR DI v3 Contact] 01 00
Event number: 0
Card state: Card removed,
Reader 2: BIT4ID mLector AIR DI V3 [miniLector AIR DI v3 SAM1] 02 00
Event number: 0
Card state: Card inserted, Unresponsive card,
Reader 3: BIT4ID mLector AIR DI V3 [miniLector AIR DI v3 SAM2] 03 00
Event number: 0
Card state: Card inserted, Unresponsive card,
The reader reports a card is inserted in "SAM1" & "SAM2" readers "Card inserted,
Unresponsive card,"
But the "card" is unresponsive. Of course, since there is no card.
The same happens when loading the opensc-pkcs11.so library in Firefox and this
renders the browsers unusable with the reader.
Can you do something, or should I submit this issue to the hardware vendor?
The reader should not report a card is present if no card is present. I
understand that the SAM slots do not have an card insertion mechanism. But
maybe the reader could be smart enough to ignore the slot if a first power up
fails?
Reporting the problem to the hardware vendor could help.
I guess the problem is that opensc-pkcs11.so tries to connect to the "non-present
cards".
The driver will try to power up the card but that fails after 200 ms. And you
have 2 empty slots so at least 400 ms is lost each time.
It is possible to configure pcscd so that some readers are NOT reported to the
application.
See
https://ludovicrousseau.blogspot.com/2015/12/remove-andor-customize-pcsc-reader-names.html
It may solve your problem.
Use something like: PCSCLITE_FILTER_IGNORE_READER_NAMES="SAM"
Bye
--
Dr. Ludovic Rousseau
