Hello,
I have an issue using an Identtrust ECA hardware token. I can successfully use
this token using the identrust provided driver on windows. However, on linux, I
must use the opensc module.
The opensc module identifies this card (an HID Activekey SIM) as a cac card.
The cac card sets the token label used for the nicknmae from the CN of the
first cert found on the card. The CN associated with this token has a colon ":"
in it. This is a commercial token, so I don't have control of the CN used in
these certs, so I can't simply change them..... Assuming colons are allowed in
CN's I don't think I have much leverage to get the provider to change that for
me.
when I try to select certs for thunderbird or evolution, it uses the nss lib
routine find_certs_from_nickname. the nickname has two colons in it. and the
routine tries to parse the nickname from the first : it finds
849 if ((delimit = PORT_Strchr(nickCopy, ':')) != NULL) {
However, this doesn't correctly parse, since it the common name includes a
colon.
I was able to get the mailers to select the proper cert if I changed the call
to a PORT_Strrchr call, to search from the end of the string.
However, I am not certain if a) this i the proper way to correct this bug, or
b) if there are more places where this assumption is made, and thus I need to
be more thorough.
Thanks
Bill
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
