<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">David,</div><div class="">If you haven’t already, can you submit a tick4et for this and I’ll see what I can do. </div><div class=""><br class=""></div><div class=""><div class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="line-height: normal; orphans: 2; text-align: -webkit-auto; widows: 2; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="line-height: normal; text-align: -webkit-auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="line-height: normal; text-align: -webkit-auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="line-height: normal; text-align: -webkit-auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="line-height: normal; text-align: -webkit-auto; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><span class="Apple-style-span" style="border-collapse: separate; line-height: normal; border-spacing: 0px;"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><font face="Helvetica" class=""><span style="font-size: 12px;" class="">- Shawn<br class="">_____________________________________________________________________<br class="">Shawn Geddis<span class="Apple-tab-span" style="white-space: pre;"> </span> <span class="Apple-tab-span" style="white-space: pre;"> </span> </span></font><font face="Helvetica" class=""><span style="font-size: 12px;" class="">geddis at {Mac | Me | iCloud} dot com</span></font><font face="Helvetica" class=""><span style="font-size: 12px;" class=""><br class=""></span></font><span style="orphans: auto; widows: auto;" class="">Security and Certifications Engineer</span><font face="Helvetica" class=""><span style="font-size: 12px;" class="">, Apple geddis at { apple } dot com<br class=""><br class="">Smart Card Services Project/Dev Lead: <br class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>Project Wiki:<span class="Apple-tab-span" style="white-space: pre;"> </span> [</span></font><a href="http://smartcardservices.macosforge.org" style="text-align: -webkit-auto;" class="">http://smartcardservices.macosforge.org</a><span style="font-size: 12px; font-family: Helvetica; text-align: -webkit-auto;" class="">]</span></div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><font face="Helvetica" class=""><span style="font-size: 12px;" class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>Mailing Lists:<span class="Apple-tab-span" style="white-space: pre;"> </span> [<a href="http://lists.macosforge.org/mailman/listinfo" class="">Lists.MacOSForge.Org/mailman/listinfo</a>]</span></font></div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><font face="Helvetica" class=""><span style="font-size: 12px;" class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>SCS Contact:<span class="Apple-tab-span" style="white-space: pre;"> </span> [<a href="mailto:scs-cotact@macosforge.org" class="">scs-cotact@macosforge.org</a>]</span></font></div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><font face="Helvetica" class=""><span style="font-size: 12px;" class=""><span class="Apple-tab-span" style="white-space: pre;"> </span>SCS Admin:<span class="Apple-tab-span" style="white-space: pre;"> </span> [<a href="mailto:scs-admin@macosforge.org" class="">scs-admin@macosforge.org</a>]</span></font></div><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><font face="Helvetica" class=""><span style="font-size: 12px;" class="">_____________________________________________________________________</span></font><br class=""></div><div class=""><font face="Helvetica" class=""><span style="font-size: 12px;" class=""><br class=""></span></font></div></span></div></div></div></div></div></div></div></div></div></div></div><blockquote type="cite" class="">On Oct 23, 2015, at 1:09 PM, <a href="mailto:david.lloyd@fsmail.net" class="">david.lloyd@fsmail.net</a> wrote:<br class=""><br class="">Hi,<br class=""><br class="">I have been doing a little bit of debugging with the YubiKey Neo PIV card USB dongles on MacOSX (<a href="http://www.amazon.com/Yubico-Y-072-YubiKey-NEO/dp/B00LX8KZZ8/ref=sr_1_1?" class="">http://www.amazon.com/Yubico-Y-072-YubiKey-NEO/dp/B00LX8KZZ8/ref=sr_1_1?</a><br class="">ie=UTF8&qid=1445630304&sr=8-1&keywords=Yubikey+neo).<br class=""><br class="">It looks like they aren't 100% PIV compliant, and they are falling over in PIVToken.cpp::probe()...<br class=""><br class=""><br class=""><span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span>byte_string cccOid((const unsigned char *)oidCardCapabilityContainer, oidCardCapabilityContainer + sizeof(oidCardCapabilityContainer));<br class=""><span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span>byte_string cccdata;<br class=""><span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span>getDataCore(cccOid, "CCC", false, true, cccdata);<br class=""><span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span><span class="Apple-tab-span" style="white-space:pre"> </span>PIVCCC ccc(cccdata);<br class=""><br class=""><br class="">They do not return the CardCapabilityContainer here (although interestingly enough the other ADPU calls do return certificates at this point!).<br class=""><br class="">You can reproduce this by running opensc-explorer and issuing:<br class=""> apdu 0 cb 3f ff 5 5c 3 5f c1 7<br class="">This returns 0x6a82 (file not found).<br class=""><br class="">This call, however:<br class=""> apdu 0 cb 3f ff 5 5c 3 5f c1 5<br class=""><br class="">Returns the X509 certificate correctly.<br class=""><br class=""><br class="">If I disable the probe call to GetDataCore for the CardCapabilityContainer, the device works correctly in Safari.<br class=""><br class=""><br class="">I have reported the issue to Yubico, but I am interested to see if you have any recommendations as to how to patch this in TokenD. You have a "GetDataExists" method in there which would <br class="">prevent the exception. I guess that you need a unique ID for the smart card in probe though (would the CHUID be an alternative choice - that works?)<br class=""><br class="">Let me know what you thing!<br class=""><br class="">DDD<br class="">_______________________________________________<br class="">SmartcardServices-Users mailing list<br class=""><a href="mailto:SmartcardServices-Users@lists.macosforge.org" class="">SmartcardServices-Users@lists.macosforge.org</a><br class="">https://lists.macosforge.org/mailman/listinfo/smartcardservices-users<br class=""></blockquote><br class=""></body></html>