jss3.dll linked against the wrong libraries
Hi, I just downloaded the jss3.dll binary from Mozilla's FTP server and noticed that it was linked against the wrong libraries : - libnspr4.dll instead of nspr4.dll ; - libplc4.dll instead of plc4.dll ; - libplds4.dll instead of plds4.dll ; Creating copies of the valid DLLs and renaming them to the wanted ones fixes the dependencies error - but is not that clean. Regards, Kostya
Re: Certificate Selection
Henrik, Henrik Gemal wrote: How does Mozilla select certificates to show to a webserver when the server asks for a certificate? The web server firstsends Mozilla a list of valid CA certificates from which it will accept client cert. Mozilla then looks through the available client certs. The most common case is there is zero or one match, so the automatic choice is easy. If there is more than one, I believe Mozilla will pick the most recently issued certificate. You can however force Mozilla to prompt you by setting Edit/Preferences/Privacy Security/Certificate/Ask every time . If a spammer set up a cert login site I would automaticly show me the cert? Yes, but only if they first knew who issued your certificate, as the spammer's SSL web server would need to present the correct issuer CA certificate for this to work. Also, note that presenting your certificate to a spammer does not accomplish anything more than authenticating you as the owner of the certificate. The spammer knows who you are at that point based on the certificate, however he cannot replay the authentication, because he doesn't have the private key.
Re: Certificate Selection
In article [EMAIL PROTECTED], [EMAIL PROTECTED] says... Henrik, Henrik Gemal wrote: How does Mozilla select certificates to show to a webserver when the server asks for a certificate? The web server firstsends Mozilla a list of valid CA certificates from which it will accept client cert. Although a server sending an empty list is strictly speaking illegal in SSL/TLS some implementations will tolerate it and interpret it as any CA. No idea if Mozilla does though... Steve. -- Dr Stephen N. Henson. Core developer of the OpenSSL project: http://www.openssl.org/ Freelance consultant see: http://www.drh-consultancy.demon.co.uk/ Email: [EMAIL PROTECTED], PGP key: via homepage.
Re: Certificate Selection
Stephen Henson wrote: Although a server sending an empty list is strictly speaking illegal in SSL/TLS some implementations will tolerate it and interpret it as any CA. No idea if Mozilla does though... NSS enforces the SSL/TLS specs and will not tolerate an empty CA cert list from the server.