Per Nilsson

So it would seem yubihsm_pkcs11 is not getting deinitialized in any way, and hence cannot know that it should close the session(s). This will leave a session open in the...

C_OpenSession doesn't open a physical session because with the yubihsm a session is always encrypted, so we can't open one until we have a password. Secondly, since login state is...

Maybe this could be useful https://github.com/latchset/pkcs11-provider

It has been tested with pkcs11-tool and should work. My guess would be that it is not finding the config file. You can set the YUBIHSM_PKCS11_DBG environment variable to get...

Thank you, I will forward this request to product management.

That config file is for the pkcs#11 module, the shell uses a different format. The config file for the shell simply allows you to specify the same options you would...

The supported options are the same as the command line 'long options' i.e. the ones with a double dash. You can see them in the source file src/cmdline.ggo or from...

The verbosity is a set of bit flags, where YH_VERB_QUIET sets none and YH_VERB_ALL sets all flags. See their definitions in yubihsm.h around line 130. Regarding cert and key, yes...

Mutual authentication with HTTPS only occurs if the server requires client certificates. yubihsm-connector itself has no support for requiring client certificates, so if this is desired then one must use...

All of the the above being said, it is not unreasonable to implement https with client certificates support in the WinHttp backend, something that at first glance looks doable. Im...