Hi!

I am using OpenSC's pkcs11 module to be able, via a Mozilla plug-in, to sign data using smart cards. Maybe someone who is using this combination has experienced the same problem. The strange thing happens when replacing smart cards. I will try to explain.

Possible scenario:

- Available certificates are shown to the user (I get a list of them via NSS PK11_ListCerts)
- User selects a cert in the smart card and signs with it. Everything OK so far
- User removes the smart card from the reader and replaces it with a different card
- Available certificates are shown to the user
- Problem: I still get the certificate of the first smart card.

I suppose NSS is caching the certificate list because of performance? Any way to get the right cert, i.e. accessing the new smart card?

I changed the code of the plug-in so that NSS is shut down (NSS_Shutdown) and reloaded (PR_Init + NSS_Init + dlopen nss3 & smime3) before showing available certificates (an attempt to force a refresh). We open a new (and only one) browser. Then:

- Available certificates are shown to the user (NSS reloaded)
- User selects a cert in the smart card (does not sign anything)
- User removes the smart card from the reader and replaces it with a different card
- Available certificates are shown to the user (NSS reloaded). New cert in the smart card is shown properly
- User repeats removing and replacing the card. Correct certificates are always shown (note: no signing performed)
- Available certificates are shown to the user (NSS reloaded)
- User selects a cert in the smart card and signs with it. Everything OK so far
- User removes the smart card from the reader and replaces it with a different card
- Available certificates are shown to the user (NSS reloaded)
- Problem: No cert from the smart card is shown.

From OpenSC's log:

Pkcs11-global.c:37:C_Initialize: C_Initialize(): Cryptoki already initialized
Pkcs11-global.c:37:C_Initialize: C_Initialize(): Cryptoki already initialized

Any idea? Any workaround?

Cheers,
/R
