There's a fixed libusb timeout value (30 seconds) in ccid_transceive_secure() function. Our users have troubles entering PIN longer than cca 20 digits in such a short time span.
I've attached a patch that addresses this issue by creating a configuration option 'pinpad-timeout' defaulting to 30 seconds.
In general, if it requires more time, a reader can reply with time extension.
The timeout of USB transfer is the lower-level thing in CCID protocol. It does *not* define the user interaction timeout.
Changing the lower-level USB transfer timeout means that some errors cannot detected soonish.
In my opinion, it is a card reader implementation, which should be fixed. It would be good if users can share the information of broken readers.
Thanks for pointing me in the right direction. I was confused by the hard-coded timeout value and got it all wrong.