Re: Certificate Chains, PKCS12 and Mozilla

2003-11-05 Thread user
Thank you Julien, The problem was that the certificates of intermediate authorities didn't have the Object Signing CA and S/MIME CA bits from the NetscapeCertType extension activated. Julien Pierre wrote: Hi, [EMAIL PROTECTED] wrote: I have a PKI with 3 levels: 1. A root self-signed

Re: PSM and crl distribution point

2003-11-05 Thread Jean-Marc Desperrier
Julien Pierre wrote: Jean-Marc Desperrier wrote: Is there a way to get PSM to make any use of the crl distribution point (crldp) extension ? How is it handled within NSS ? (I could check the source/doc. I will if nobody feels inclined to respond) Or you could type distribution point in bugzilla

Re: LDAP CRLs

2003-11-05 Thread Jean-Marc Desperrier
Julien Pierre wrote: Scott Rea wrote: I am doing this on a Windows 2000 box and an LDAP URL opens the Windows Address Book [not very helpful] whether I enter the URL in IE or Mozilla. How can I get Mozilla to do the same as it does for *.crl files that are entered into the address bar? Woops.

Re: NSS ignoring next update on CRL check

2003-11-05 Thread Jean-Marc Desperrier
Julien Pierre wrote: In many situations, e.g. if your client (or even server) is in a submarine, with no available connection to the outside world to download a newer CRL, it may be acceptable to use the latest CRL available, even if the nextUpdate has passed, than to fail altogether. If you're

Re: PSM and crl distribution point

2003-11-05 Thread Jean-Marc Desperrier
Jean-Marc Desperrier wrote: [In case the CRL doesn't include onlySomeReasons in the IDP] [...] the code can support the extension just by making sure that the cert matches the information inside the IDP (has a CRLDP that matches IDP's distributionPoint, is of the right type: CA, user,

Re: NSS ignoring next update on CRL check

2003-11-05 Thread Julien Pierre
Jean-Marc, Jean-Marc Desperrier wrote: In many situations, e.g. if your client (or even server) is in a submarine, with no available connection to the outside world to download a newer CRL, it may be acceptable to use the latest CRL available, even if the nextUpdate has passed, than to fail

Re: PSM and crl distribution point

2003-11-05 Thread Julien Pierre
Jean-Marc, Jean-Marc Desperrier wrote: This is not currently supported in NSS. See bugzilla 133191. At this time, the only CRL format supported by NSS is full CRLs. Sorry Julien, there's a confusion here. The one I was talking about is the certificate extension, which is named CRL

enablePrivilege

2003-11-05 Thread Scott Rea
Forgive me if this has already been covered, but I couldn't find it anywhere in the list (perhaps I am posting to the wrong list???) I have an XUL that I want to grant privileges to, but it seems I need to grant privileges for each individual JS function - is there no way to grant privs globally