Hi, I have a couple of questions concerning certificate handling in Firefox and PKCS#11.
When Firefox receives a X.509 cert during HTTPS establishment, the certificate (chain) is validated by NSS, right?! Is this done via PKCS#11 or are Firefox and NSS communicating via an other interface? I can't find an appropriate PKCS#11 function, accepting a certificate chain. The reason I ask is the following: We are out to implement an alternative trust model, consisting of an external (but local) Java application, managing the trust validation etc., and a Firefox extension acting as an interface between the user, the browser and the Java application. One possibility could be to develop a PKCS#11 module, which is registered in Firefox, takes the certificate chain and communicates with the Java application to receive a valid/invalid answer. But we are not sure if this is possible. Any thoughts about it? Alternatively, a simpler approach would be to omit the PKCS#11 module and let the extension directly communicate with the Java application via a local web server. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto