private key not available for client_cert_cb

Michael Wojcik Michael.Wojcik at
Mon Jan 11 14:41:01 UTC 2021

> From: openssl-users <openssl-users-bounces at> On Behalf Of George
> Sent: Sunday, 10 January, 2021 21:01

> Right now I am using the "libp11" DLL (i.e. libp11-libp11-0.4.11\src\pkcs11.dll)
> with my PKCS11 smart card middleware DLL. Should I be using the OpenSC pkcs11 DLL
> instead of my middleware DLL if I am using libp1?

Honestly, I have no idea. It's been years since I worked with PKCS#11, and then I was using a single piece of test hardware. I got it working with OpenSSL using the OpenSC modules, but that may have been specific to my case.

> Do you know if it is normal to see exceptions related to the PKCS11 function calls
> in the libp11 code? For example, I can see  the following function generate an
> exception on C_GetSlotList(...) multiple times but it eventually is successful.
> Is this normal behaviour?

What sort of "exception"? A Windows exception? UNIX signal? C++ exception?

My initial guess would be that this is a timing issue - maybe the device needs some time to become available, for example. But that's just a guess. Maybe someone with more experience with a variety of HSMs and PKCS#11 will weigh in.

Michael Wojcik

More information about the openssl-users mailing list