rg wrote:
It is true that NSS caches certificates, but if the cache is not displaying the correct results, that is a bug. What version of NSS are you using?

Possible scenario:
- Available certificates are shown to user (I get a list of them via NSS PK11_ListCerts)
- User selects a cert in smart card and signs with it. Everything ok so far
- User removes smart card from reader and replaces it with a different card
- Available certificates are shown to user
- Problem: I still get the certificate of the first smart card. I suppose NSS is caching certificate list because of performance? Any way to get right cert? i.e. accessing the new smart card??

That sounds like a bug. Please file it in Mozilla under component NSS. If you could put the full log in that would help.

- I change the code of the plug-in so NSS is shut down (NSS_Shutdown) & reloaded (PR_Init + NSS_Init + dlopen nss3 & smime3) before showing available certificates (an attempt to force a refresh).

We open a new (and only one) browser. Then:
- Available certificates are shown to user (nss reloaded)
- User selects a cert in smart card (do not sign anything)
- User removes smart card from reader and replaces it with a different card
- Available certificates are shown to user (nss reloaded). New cert in smart card shown properly
- User repeats removing and replacing card. Correct certificates are always shown (note: no signing performed)
- Available certificates are shown to user (nss reloaded)
- User selects a cert in smart card and signs with it. Everything ok so far
- User removes smart card from reader and replaces it with a different card
- Available certificates are shown to user (nss reloaded)
- Problem: No cert from smart card is shown.

From opensc's log:
  Pkcs11-global.c:37:C_Initialize: C_Initialize(): Cryptoki already initialized
  Pkcs11-global.c:37:C_Initialize: C_Initialize(): Cryptoki already initialized

Any idea? Any workaround?

-Ian
