ader.c. I suspect the dlopen() call of libfreebl3.so
failed because it could not find libfreebl3.so. I suggest you
investigate in that direction.
By the way, are you using a MIPS development board such as Creator
Ci20 that I can easily buy to reproduce your problem?
Wan-Teh Chang
--
dev-tech-cry
On Wed, Feb 10, 2016 at 11:50 PM, WebDoctor wrote:
> Hi,
>
> I'm working in a Firefox extension that will use some cryptographic
> operations.
>
> The problem I found is that when I sign data using the private key in the
> server-side, I couldn't find any appropriate
On Tue, Dec 1, 2015 at 8:55 AM, Julien Vehent wrote:
>
> AES-NI is fast enough that we shouldn't have to care:
>
> $ openssl speed -evp aes-256-gcm
> type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes
> aes-256-gcm 385250.93k 983154.24k
On Mon, Oct 7, 2013 at 11:17 AM, Brian Smith br...@briansmith.org wrote:
I think it is likely that some vendors of NSS-based products with very
conservative backward-compatibility guarantees, like Oracle and maybe
Red Hat, may need to continue supporting SSL 2.0 in their products due
to
On Mon, Oct 7, 2013 at 12:02 PM, Brian Smith br...@briansmith.org wrote:
If you are referring to something other than the TLS_*_SHA256 cipher
suites, please be more specific as to what you are referring to.
Brian,
If you can enable TLS 1.2 by default in Firefox, that should make
Mountie
/show_bug.cgi?id=912360
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Fri, Aug 16, 2013 at 11:13 AM, Camilo Viecco cvie...@mozilla.com wrote:
Hello Brian
I think this proposal has 3 sections.
1. Unifing SSL behavior on browsers.
2. Altering the criteria for cipher suite selection in Firefox (actually
NSS)
3. removing certain cipher suites from the default
On Fri, Aug 16, 2013 at 3:36 PM, Rob Stradling rob.stradl...@comodo.com wrote:
Wan-Teh, why do you think Firefox should specify a preference for ECDSA over
RSA?
Because ECDSA is more secure than RSA, and ECC implementations will
become faster over time.
The ordering of RSA and ECDSA is really
messages.
If you are using the NSS_SURVIVE_DOUBLE_BYPASS_FAILURE build option,
please let me know. If you call SSL_CanBypass before enabling the PKCS
#11 bypass mode, you should not need the
NSS_SURVIVE_DOUBLE_BYPASS_FAILURE build option.
Thanks,
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev
On Mon, Jun 10, 2013 at 3:43 PM, Robert Relyea rrel...@redhat.com wrote:
Yeah, you need to use the new assembler on RHEL-5:
As root:
yum install binutils220
As user:
export PATH=/usr/libexec/binutils220:$PATH
Then do you your build.
Bob, could you add the above to the NSS build
Kai,
Thank you for creating the NSPR 4.10 and NSS 3.15 releases.
I have just announced the NSPR 4.10 release in the NSPR newsgroup:
http://mozilla.6506.n7.nabble.com/ANNOUNCE-NSPR-4-10-Release-tc280660.html
http://permalink.gmane.org/gmane.comp.mozilla.devel.nspr/1698
On Tue, May 21, 2013 at 12:11 AM, Ashwani Kadian
ashwani.kad...@oracle.com wrote:
Hi All,
In NSS 3.14.3 build process, shlibsign crashes while trying to sign
libsoftokn3.sl on HP-UX 64 bit machine. It works fine on 32 bit HP-UX.
Hi Tiago,
On Fri, Feb 15, 2013 at 11:34 AM, TIAGO ALVES alvesfons...@ibest.com.br wrote:
I saw previous messages that reported build problems in the NSS - PKCS
#11 Test Suites.
I would like to know if those issues have already been addressed?
We never had the time to retrieve the source
[NOTE: NSS 3.14.2 does not include a fix for the attacks described in
the paper Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
(http://www.isg.rhul.ac.uk/tls/). An upcoming NSS patch release will
address the attacks.]
Network Security Services (NSS) 3.14.2 is a patch release for NSS
On Mon, Jan 28, 2013 at 4:34 AM, Kai Engert k...@kuix.de wrote:
I commented on the patch for bug 834091 that you included in
mozilla-central in the bug. It seems you are adding a new API to mozilla
desktop that hasn't been fully reviewed nor checked in to NSS yet.
On Thu, Jan 24, 2013 at 1:52 AM, Sergey Emantayev
sergey.emanta...@gmail.com wrote:
For the reference, I'm attaching the back ported fix for the 3.12.5, with no
warranties.
[...snipped]
--- nss-3.12.5-orig/mozilla/security/nss/lib/ssl/sslimpl.h Tue Jan 15
16:40:47 2013
+++
2012/11/27 Brian Teh tehhzs...@gmail.com:
THUNDERBIRD_LDFLAGS = -L$(THUNDERBIRD_OBJDIR_PATH)/mozilla/dist/lib \
-lxpcomglue_s\
-lxpcom \
-lmozalloc \
-lnss\
On Wed, Oct 24, 2012 at 10:19 PM, Julien Pierre
julien.pie...@oracle.com wrote:
The following changes may be problematic :
1) * New default cipher suites
( https://bugzilla.mozilla.org/show_bug.cgi?id=792681 )
The default cipher suites in NSS 3.14 have been changed to better
reflect the
On Tue, Oct 2, 2012 at 7:45 PM, Michael Demeter
michael.deme...@intel.com wrote:
Continuation would then be to eliminate any unnecessary work being
done to increase the randomness..Since the HW generated values
can be used directly. This could help a small little bit in performance
(but that
On Sat, Aug 11, 2012 at 5:37 AM, Gökçen Eraslan
gokcen.eras...@gmail.com wrote:
When I traced the code I see that sec_pkcs7_create_signed_data call
returns successfully but sec_pkcs7_add_signer fails.
Trace is like that:
sec_pkcs7_add_signer - CERT_VerifyCertificate - CERT_VerifyCertChain
On Thu, Jul 12, 2012 at 3:20 AM, Sam Laidler
sam.laid...@the-logic-group.com wrote:
I want to distribute NSS without the MS redistribution package. When I read
the following,
I got the impression that it should be theoretically possible:
https://developer.mozilla.org/en/USE_STATIC_LIBS
Rob,
Please fix the bug in the old certificate verification library. Thanks.
Are you going to use the approach outlined by Nelson in bug 479508 and
bug 482153?
Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Mon, May 21, 2012 at 5:21 AM, Bernhard Thalmayr
bernhard.thalm...@painstakingminds.com wrote:
Hi Wan-Teh, Nelson, could it be that this error is also raised by the client
if the client can not 'participate' in ssl client-auth?
Yes, this is possible.
Unfortunately I only got a text-output
On Tue, May 8, 2012 at 7:33 PM, Nelson B Bolyard nel...@bolyard.me wrote:
Bernhard,
I think the most likely explanations are these:
1) Server certificate has a public key that is too small, too large, has a
too small public exponent (if RSA), an unknown key type, or a key for an
Elliptic
On Mon, May 7, 2012 at 9:20 AM, Marc Patermann
hans.mo...@ofd-z.niedersachsen.de wrote:
Hi,
I posted my issue on Thunderbird-Enterprise before and Ludovic Hirlimann
sent me here.
I created an own CA and put the cert in cert8.db by GUI in Thunderbird 10
ESR.
As far as I understand it, the
interface, so
that we can implement the verify() method with constant time byte
comparison.
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Wed, Apr 4, 2012 at 12:47 PM, Anders Rundgren
anders.rundg...@telia.com wrote:
Mozilla should IMO rather hook into the
other vendors cryptographic solution, possibly at the expense of NSS.
According to a [colleage] of mine Chrome even use the platform's SSL
implementation! Well, not in
On Wed, Apr 4, 2012 at 4:39 PM, Brian Smith bsm...@mozilla.com wrote:
I don't know what platform JV is on, but I know on Mac OS X,
all the internal symbols in FreeBL and maybe other libraries
are exported. This is how the Firefox Sync developers got
so far in developing their JavaScript
?id=608587
Thanks to Rob Stradling of Comodo for reporting the bug and providing a
patch.
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Fri, Mar 9, 2012 at 9:56 AM, Brian Smith bsm...@mozilla.com wrote:
The second question is: Should we change the string in the display of the
*root* certificate from VeriSign, Inc. to Norton.
Ideally this string should come from the certificate. The fundamental
purpose of a certificate is
On Thu, Jan 19, 2012 at 1:43 AM, Brian Smith bsm...@mozilla.com wrote:
HTTPbis seems to be in its final stages. Although it is supposed to be a
somewhat minor revision, quite significant changes have been made to
the spec. We should review the changes and make sure we provide our
feedback
On Wed, Jan 18, 2012 at 2:44 PM, Brian Smith bsm...@mozilla.com wrote:
Mike Hommey wrote:
Please note that this is going to be a problem on systems that have
system nspr and nss libraries that other system libraries use.
I am intending to avoid changing how NSS is linked on Linux, at least at
On Wed, Jan 4, 2012 at 3:51 PM, Brian Smith bsm...@mozilla.com wrote:
But, it is a little distressing that Google Chrome seems to avoid libpkix
whenever possible, ...
This is not true. In fact, Google Chrome is an early adopter of libpkix,
and works very hard to fix or work around the bugs in
On Tue, Oct 18, 2011 at 2:41 PM, Brian Smith bsm...@mozilla.com wrote:
Will we release a special update to NSS 3.13 to fix the regression bug
693228, or will we wait until the next release?
NSS 3.13.1 will be that special update to NSS 3.13 to fix bug 693228
and any other regressions we know
On Mon, Oct 17, 2011 at 1:11 AM, Gen Kanai gka...@gmail.com wrote:
4. Ported to iOS. (Requires NSPR 4.9.)
Hi Wan-Teh,
Thank you for this notice.
I'm more just curious but do we know of any publicly software shipping
for iOS that uses NSS 3.13?
I don't know of any. FYI, here is the bug:
to return the NSS version string.
7. Added experimental support of RSA-PSS to the softoken only
(by Hanno Böck, http://rsapss.hboeck.de/).
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Fri, Oct 14, 2011 at 10:14 AM, Elio Maldonado emald...@redhat.com wrote:
Hi all,
NSS is listed as its own project and as a rung 1 project at
http://scan.coverity.com/rung1.html
if I understand correctly means there is an official contact for nss.
I need to see the results of the nss
On Thu, Oct 13, 2011 at 3:54 AM, Pontus Ericson kpc.eric...@gmail.com wrote:
Hi
I mailed this mailinglist a few weeks ago regarding the development of
DNS-based certification authentication for S/MIME.
I am now starting the project fully and I'm going to use Thunderbird/Mozilla
NSS in the
attributes.
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Fri, Sep 23, 2011 at 2:02 PM, Douglas Stebila doug...@stebila.ca wrote:
Perhaps someone will take a look at this forlorn bug and patch?
https://bugzilla.mozilla.org/show_bug.cgi?id=660394
Yes, I can take a look at the patch.
Wan-Teh
--
dev-tech-crypto mailing list
On Thu, Sep 22, 2011 at 5:22 AM, Pontus Ericson kpc.eric...@gmail.com wrote:
Hi.
My name is Pontus Ericson and I'm a computer science student at the Royal
Institute of Technology in Stockholm, Sweden. I am currently doing my master
thesis where I will explore the possibility of deploying
/buglist.cgi?list_id=1105376resolution=FIXEDclassification=Componentsquery_format=advancedtarget_milestone=3.12.11product=NSS
plus the following bug:
Bug 668397: Crash when verifying certificate chain containing Fortezza
certificates
(the smaller patch for NSS_3_12_BRANCH only)
Wan-Teh Chang
my objection to this proposal before I forget
again. I won't repeat the arguments given by Nelson Bolyard and Marsh
Ray.
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Fri, Apr 29, 2011 at 6:30 AM, Nate Hoellein natehoell...@gmail.com wrote:
Hi - I'm attempting to build nss on windows and getting the following
output:
code
$ make nss_build_all
cd ../coreconf ; make
make[1]: Entering directory `/c/mozilla/security/coreconf'
cd nsinstall; make export
On Thu, Apr 28, 2011 at 4:50 AM, Jean-Marc Desperrier jmd...@gmail.com wrote:
BTW isn't there somewhere a page with the corespondance between NSS and
Firefox version ? I believe there is one, but can't find it again.
The page is
On Wed, Apr 27, 2011 at 6:42 AM, Jean-Marc Desperrier jmd...@gmail.com wrote:
Jean-Marc Desperrier wrote:
Johan Sys wrote:
[...]
We did some tests with name constraints with positive results:
SubCA with name constraint as follows :
Permitted
[1]Subtrees (0..Max):
DNS
On Mon, Apr 11, 2011 at 1:45 AM, Bernhard Thalmayr
bernhard.thalm...@painstakingminds.com wrote:
Hi experts,
I'm experiencing an interesting issue.
OpenAM url-policy agent, which is using NSS/NSPR, 'hangs' when trying to
establish a connection to an SSL-enabled server.
OS: Solaris10
On Thu, Apr 21, 2011 at 1:06 PM, Bernhard Thalmayr
bernhard.thalm...@painstakingminds.com wrote:
Hi experts, according to
'https://developer.mozilla.org/en/NSS_reference/NSS_environment_variables'
PKCS#11 crypto module will throw an error if not initialized by the process
which will use it
On Wed, Apr 20, 2011 at 3:27 AM, Bernhard Thalmayr
bernhard.thalm...@painstakingminds.com wrote:
Hi experts, it would be great if some could shed some light on the
following
OpenAM web-agents are using NSS/NSPR for outbound connections.
I get a core-dump of Apache http server when agent
On Wed, Apr 20, 2011 at 7:46 AM, Bernhard Thalmayr
bernhard.thalm...@painstakingminds.com wrote:
Thanks for the pointer Wan-Teh
meanwhile I already used dbx and got this ...
You're right. I haven't used Solaris for a long time. If
you compile the code with Sun Studio compilers, you
should
On Fri, Apr 8, 2011 at 12:50 PM, Honza Bambas hon...@allpeers.com wrote:
I'm getting the no issuer chain error even when I first visit the
https://crm.ausnetservers.net.au link with an empty (clean) profile - so
there is certainly no cert exception nor any additional certificates.
I don't
On Thu, Apr 7, 2011 at 5:26 AM, Joachim Lingner
joachim.ling...@oracle.com wrote:
Hi,
I am testing NSS 3.9.12 with CKBI 1.82 on Windows. To verify that the bogus
certificates are recognized as such I run vfychain. The certificates are
exported from the Windows certificate store.
Having
On Thu, Apr 7, 2011 at 3:02 PM, Robert Relyea rrel...@redhat.com wrote:
I had thought these were in, but I was thinking of a different bug with
a patch by Aleksey. I've marked these as target 3.12.10.
I just checked in the patches in NSS bugs 559508 and 559510 on the
NSS_3_12_BRANCH.
Wan-Teh
On Wed, Mar 30, 2011 at 6:45 AM, Kaspar Brand m...@velox.ch wrote:
Sounds good. security/nss/lib/jar is currently the other place which
also depends on the NSS_X* macros, i.e. it should be a header file which
can be used by files outside freebl, too.
I see. security/nss/lib/util/secport.h is
On Tue, Mar 29, 2011 at 11:21 AM, Mark Mentovai m...@chromium.org wrote:
I would avoid this. -Xarch_arch is implemented as an Apple GCC
driverdriver option and isn’t available in mainline GCC or even the
Apple GCC’s CPU-specific frontends (such as i686-apple-darwin10-
gcc-4.2.1). -Xarch_arch
On Wed, Mar 2, 2011 at 3:23 AM, Gervase Markham g...@mozilla.org wrote:
Usually, we prefer mentors to propose projects because then we know that the
project is something the mentor is interested in mentoring, and we can
assess the project as being of an appropriate size and complexity.
Hi
The inability to allocate mp_int variables on the stack is not as bad
as it seems. This is because the 'dp' array inside an mp_int still
needs to be allocated from the heap. An mp_new function can allocate
the mp_int structure and the 'dp' array in one shot if the number of
digits needed is
On Wed, Feb 23, 2011 at 3:26 AM, Gervase Markham g...@mozilla.org wrote:
Hi NSS team,
Are any of you interested in submitting a proposal for a Summer of Code
project for Bugzilla this year, and mentoring it?
https://wiki.mozilla.org/Community:SummerOfCode11:Brainstorming
Hi Gerv,
I just
On Mon, Feb 28, 2011 at 9:03 AM, Jean-Marc Desperrier jmd...@gmail.com wrote:
Hi,
There was some talk last october about accessing the mp_int API from
javascript, and so freezing it in order to make it available as a frozen
API.
Nelson concluded that the one difficult point would be to
On Thu, Feb 17, 2011 at 7:10 AM, Stephen Hanna sha...@juniper.net wrote:
Does Thunderbird support certification path building? If so, how
is it enabled and configured?
Hi Steve,
I am confused by your question. An S/MIME client obviously must
support certification path building by default.
On Tue, Feb 15, 2011 at 8:19 AM, David B Hinz dbh...@raytheon.com wrote:
Was there a bug fix to JSS 4.2.5, 4.3, or 4.3.1 that dealt with a problem
with sockets not being closed properly when a client application was
shutting down?
I don't know which bug you're referring to.
This Bugzilla
On Mon, Jan 31, 2011 at 1:55 AM, mandeep alluru reddy.mand...@gmail.com wrote:
Hello Everyone,
I am new to using NSS and have been exploring the features of NSS for
the past two weeks. I would like to know if NSS supports TLS Next-
Protocol-Negotiation and TLS snap start extensions. I would
On Sun, Jan 30, 2011 at 1:32 AM, Nelson B Bolyard nel...@bolyard.me wrote:
Firefox doesn't send TLS client hellos to servers that fail to complete
ANY handshake with ANY version of SSL or TLS some number of times in a row
when it has tried sending TLS client hellos. Once it decides the server
On Thu, Jan 27, 2011 at 6:06 AM, Martin Boßlet
martin.boss...@googlemail.com wrote:
But I again checked the trust settings for the CA certificates.
They're fine...
Did you check your client certificate in Firefox 4 to make sure it's
imported correctly?
In Firefox 4, open Options (or
On Wed, Jan 26, 2011 at 4:38 AM, Martin Boßlet
martin.boss...@googlemail.com wrote:
I want to authenticate to a server using TLS client authentication, so
I imported a PKCS#12 file for this purpose.
Unfortunately the certificate is from an internal CA that does neither
issue keyUsage,
On Wed, Jan 19, 2011 at 8:08 PM, Nathan Craike ncra...@gmail.com wrote:
Is it possible to build the 32-bit version on a 64-bit Mac? The Mac OS X man
page for gcc describes an Apple only option -arch:
-arch arch
Compile for the specified target architecture arch. The
allowable
On Wed, Jan 12, 2011 at 2:38 PM, Robert Relyea rrel...@redhat.com wrote:
On 01/12/2011 01:26 PM, Bernhard Thalmayr wrote:
331569088[1bd1610]: C_UnwrapKey
331569088[1bd1610]: hSession = 0x6
331569088[1bd1610]: pMechanism = 0x7fffcd592ea0
331569088[1bd1610]: hUnwrappingKey = 0x8
On Thu, Jan 13, 2011 at 2:53 AM, Bernhard Thalmayr
bernhard.thalm...@painstakingminds.com wrote:
It might be helpfull if SSLTRACE and PKCS#11 could log a timestamp to help
in correlation.
You can add 'timestamp' to the NSPR_LOG_MODULES environment variable. See
On Wed, Jan 12, 2011 at 2:02 PM, Bernhard Thalmayr
bernhard.thalm...@painstakingminds.com wrote:
Am'I wright that 'C_DeriveKey' is actually 'NSC_DeriveKey' in
http://mxr.mozilla.org/security/source/security/nss/lib/softoken/pkcs11c.c ?
Yes. C_DeriveKey is a function pointer. It points to the
On Tue, Jan 11, 2011 at 4:48 AM, Irune Prado Alberdi ipr...@zylk.net wrote:
Up to this point I can properly work with my certificates in firefox but when
I try to simultaneously access it via certutil I get blocked
pre
~/.pki/nssdb$ certutil -d sql:. -K -h izenpe
/pre
This doesn't block
On Tue, Jan 11, 2011 at 4:48 AM, Irune Prado Alberdi ipr...@zylk.net wrote:
While if I terminate the pkcs11 session in firefox I can successfully acces
the token
pre
$ certutil -d sql:. -K -h izenpe
certutil: Checking token Builtin Object Token in slot NSS Builtin Objects
certutil: no keys
Bob,
Thank you for writing the meeting notes. I will also be out next week.
NSPR 4.8.7 Beta 2 looks good. The only additional patch I may include
in NSPR 4.8.7 is the second patch in
https://bugzilla.mozilla.org/show_bug.cgi?id=604263.
Re: NSPR IPv6: for reasons I don't remember and can't
Dave,
I can help you write a patch to fix this problem.
The (-8157) Certificate extension not found part in the error message:
org.mozilla.jss.crypto.NoSuchItemOnTokenException: Expected user
cert but no matching key?: (-8157) Certificate extension not found
is most likely wrong (a stale error
Hi passfree:
On Wed, Nov 24, 2010 at 9:32 AM, passfree passf...@googlemail.com wrote:
I am developing a generic SSL pipe XPCOM component which can be used
on any Input/Output stream pair. So far it sort of works but I am
facing one problem and I am not sure how to deal with it. The problem
On Thu, Nov 18, 2010 at 3:08 PM, Brian Smith bsm...@mozilla.com wrote:
(Note that this is to: dev-tech-crypto)
Short Version: We are looking at taking a private patch for one Firefox beta
cycle in
mozilla-central to export the MPI functions from FreeBL on all platforms in
our private
copy
On Tue, Nov 9, 2010 at 9:23 PM, Wolter Eldering
wolter.elder...@vanad.com.cn wrote:
Hi Wan-Teh,
I was wondering if you found my patches useful? Or maybe I can help in any
way.
Hi Wolter,
Thank you for attaching your patches and test results to bug 595134:
On Wed, Oct 27, 2010 at 10:25 PM, Ashok Subash subash.as...@gmail.com wrote:
Now i could initialize NSS successfully and created the cert and key
db using SQL Lite as the database.
Now am getting a SSL Connect error when browsing secure site like
gmail.com
What's the error code when SSL
On Sat, Oct 23, 2010 at 5:06 AM, Ashok Subash subash.as...@gmail.com wrote:
Hi Wan-Teh,
I hope i can disable the NSSDBM module without affecting anything else
in static DLL approach. I'm assuming it will be then SQLite for
storing all the certs and keys.
Yes, that's correct.
I'm planning
On Fri, Oct 22, 2010 at 8:33 AM, Ashok Subash subash.as...@gmail.com wrote:
Is there any other files that i need to port other than NSPR.
Probably not. NSS depends on the following:
- Standard C Library
- NSPR
Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
On Thu, Oct 21, 2010 at 3:53 PM, Nelson B Bolyard nel...@bolyard.me wrote:
I'd say the interfaces to those functions (more precisely, their
signatures) are quite frozen. The mp_int bignum package API is so
frozen as to have become something of a standard of its own. There
are now at least 3
On Sun, Oct 10, 2010 at 7:45 AM, Matej Kurpel mkur...@gmail.com wrote:
What turned out to be the problem, was that
the CK_BBOOL values were 4-bytes and not 1 byte in size. Took some hours and
some hair to discover, but hopefully someone finds this if he has the same
problem and solves it
Hi Dmitry,
I published unsupported patches for using NSS as static libraries in
https://bugzilla.mozilla.org/show_bug.cgi?id=534471. (Please do not
post questions in that bug report. I want to keep the bug report
focused on the patches.) You're welcome to try them. Note that I
didn't go all
=525092#c24 making it minimally
available requires one call to set the SSL_ENABLE_FALSE_START option, and a
preference to optionally disable it. Handling the black list is more work, I
don't know if Google plans to make their list a public resource, maybe
Wan-Teh Chang can tell)
It was added
On Fri, Sep 24, 2010 at 11:12 PM, Wolter Eldering
wolter.elder...@vanad.com.cn wrote:
I've added my patches and some test results to bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=595134
Thank you very much!
I needed to start chrome like this: chrome-linux/chrome-wrapper
--single-process
On Sun, Sep 19, 2010 at 12:39 AM, Wolter Eldering
wolter.elder...@vanad.com.cn wrote:
Because we deal with a large number of certificates I've also have some
patches to reduce the number of queries to the sql: type database.
And a patch that will make the NSS_SDB_USE_CACHE=yes perform much
On Mon, Aug 30, 2010 at 8:12 AM, Brian Smith br...@briansmith.org wrote:
Wan-Teh Chang wrote:
I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13).
Would this include support for SSLv2-v3 upgrade hellos?
I forgot to talk about this issue. We'll need to keep the
server-side
On Fri, Aug 27, 2010 at 2:05 PM, Brian Smith br...@briansmith.org wrote:
In accepting patches to implement TLS 1.2 and/or AES-GCM cipher suites, is a
(potentially-)FIPS-140-compliant implementation required? Or, would it be
acceptable in the short-term to have an implementation that is known to
I propose that we remove SSL 2.0 support from the NSS
trunk (NSS 3.13).
SSL 2.0 is an old and insecure protocol. No products
should be using SSL 2.0 today. But removing the SSL
2.0 code from NSS has one major benefit to the continual
development of NSS's SSL library: it'll make the code
base
On Wed, Aug 25, 2010 at 1:39 PM, msm Li mlim...@gmail.com wrote:
First thing first, does Mozilla have such plan to port NSS/JSS to smart
phone
platform ?
Mozilla doesn't use JSS, so Mozilla is unlikely to work on
porting JSS to new platforms.
Mozilla is porting NSS to Android. I have not
On Wed, Aug 18, 2010 at 3:47 AM, David Stutzman
david.stutz...@nospam.dstutz.com wrote:
If I query the Mozilla-JSS provider for the algorithms it supports, I get
the following EC Signature algorithms:
SHA1withEC
SHA256withEC
SHA384withEC
SHA512withEC
Is there any way to change/add some
On Wed, Aug 11, 2010 at 1:18 PM, Matej Kurpel mkur...@gmail.com wrote:
Hello,
I am trying to implement a PKCS#11 module for my diploma thesis. It is
intended to be used with thunderbird. I am using opensc pkcs11-spy module to
debug it. I have a problem for quite some days I don't seem to be
On Mon, Aug 2, 2010 at 12:10 PM, Brian Smith br...@briansmith.org wrote:
I read a rumor that Mozilla received explicit permission from RSA labs to
distribute the PKCS#11 header files under the Mozilla tri-license. Does
anybody know anything about that, and how I can verify it?
That's also what
On Fri, Jul 30, 2010 at 11:29 AM, Nelson B Bolyard nel...@bolyard.me wrote:
I think you're right. I filed
https://bugzilla.mozilla.org/show_bug.cgi?id=583308
with a patch to fix at least one problem.
I ran Hanno's test program in a debugger.
I saw the problem that Hanno reported, that
the
On Mon, Jul 26, 2010 at 6:07 AM, Hanno Böck ha...@hboeck.de wrote:
Hi,
Just recently, the templates for decoding the RSA-PSS ASN1 parameters got
added to cvs head (in cryptohi/seckey.c).
Currently I'm working on implementing the creation of PSS signatures, so I
need them also to encode. My
On Tue, Jul 27, 2010 at 10:09 AM, Pat lync...@gmail.com wrote:
Hello,
Can anyone explain what is going wrong with the following scenario?
Using NSPR 4.8, NSS 3.12.6, JSS 4.3.1 with JDK 1.6_21 on Windows XP
Professional SP 3. FIPS mode is enabled.
I'm trying to open an LDAP connection to
I can suggest two things to help track this down.
1. Find out which DLLs require IESHIMS.DLL and WER.DLL.
This should be a chain of DLL dependencies that ultimately
leads to an NSS or NSPR DLLs (the culprit). Right now I
don't know what the culprit is.
The NSPR DLLs are:
nspr4.dll, plc4.dll,
Hi Cad,
On Mon, Jul 19, 2010 at 10:56 AM, Caden.smith Smith
caden.smith...@gmail.com wrote:
Just for your information, here is the tree:
JSS4.DLL
NSPR4.DLL
ADVAPI32.DLL
SECUR32.DLL
NETAPI32.DLL
DNSAPI.DLL
MPRAPI.DLL
SETUPAPI.DLL
Hi Paul,
IESHIMS.DLL, WER.DLL, NCRYPT.DLL, and BCRYPT.DLL
are all Windows system DLLs. So you cannot copy them
from one version of Windows to another version of Windows.
System DLLs should already be installed on a system.
In particular, NCRYPT.DLL and BCRYPT.DLL are newly
added in Vista, so
Hi Cad,
If you use MozillaBuild, do not use Netscape's wintools.
MozillaBuild is a one-stop shopping package and gives
you everything you need (except the compiler) to build
NSS.
To fix your build problem:
1. Remove Netscape's wintools from your computer.
2. Use make instead of gmake.
Details:
On Tue, May 25, 2010 at 11:06 AM, Marsh Ray ma...@extendedsubset.com wrote:
But by that logic, the client should refuse to handshake at all with a
non-RFC-5746 server. (In reality that eventually needs to become the
default behavior).
I agree. A strict client should refuse an initial
1 - 100 of 391 matches
Mail list logo