Hi,

I am developing a PKCS#11 module and I've managed to register it with Mozilla. The module uses a software token and I have already managed to list the certificate in Mozilla. Nevertheless, when I was about to establish an SSL connection to a web server, the certificate was not listed for me to choose. Can someone please tell me what it takes to get Mozilla to recognise that this is one of the certificates to be used for client authentication?

The module currently lists the following mechanisms as return values for C_GetMechanismList:

- CKM_RSA_PKCS
- CKM_RSA_X_509

After asking for the PIN, Mozilla looked for the objects in the module, and in the first round I was asked for the certificate (in C_FindObjectsInit), so I returned the handle to the certificate (in C_FindObjects). As a follow-up to this, Mozilla requested the attributes of the certificate, and the following are the relevant attributes:

- CKA_CLASS
- CKA_TOKEN
- CKA_LABEL
- CKA_CERTIFICATE_TYPE
- CKA_ID
- CKA_VALUE
- CKA_ISSUER
- CKA_SERIAL_NUMBER
- CKA_SUBJECT

Mozilla also requested the value of attribute CKA_NETSCAPE_EMAIL, therefore my C_GetAttributeValue returns CKR_ATTRIBUTE_TYPE_INVALID. After that, Mozilla initiated another object search (using C_FindObjectsInit) and there are two attributes in pTemplate:

- CKA_ID
- CKA_CLASS

The pValue for the template (for CKA_CLASS) is CKO_PRIVATE_KEY, therefore I return the handle to the private key. After that, the SSL connection was completed and I was not shown a list of certificates available for client authentication.

Was Mozilla supposed to call my C_GetAttributeValue function, passing the handle of the private key, to obtain the attributes of my private key? What have I done wrong here, or am I missing any critical steps which are required? Please help.

I am currently using Mozilla 1.2.1 on RedHat Linux 9. My compiler is GCC 3.2.2. I have configured Apache 2.0.40 to request client authentication without requiring CA verification of the client certificates.

Your help will be very much appreciated.

Thanks
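
Added example, not part of the original post or the poster's module: one way a module can answer the second search described above, where the template carries CKA_CLASS = CKO_PRIVATE_KEY and CKA_ID, by comparing every template attribute byte-for-byte against each stored object. The token_object struct, the handles and the CKA_ID bytes are constructed for illustration, and the typedefs stand in for pkcs11.h.

```c
#include <stdio.h>
#include <string.h>
/* Stand-ins for the pkcs11.h definitions used here; a real module includes the Cryptoki headers. */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS       0x0000UL
#define CKA_ID          0x0102UL
#define CKO_CERTIFICATE 0x0001UL
#define CKO_PRIVATE_KEY 0x0003UL
/* Hypothetical token object: a handle plus its attribute list. */
typedef struct { CK_ULONG handle; CK_ATTRIBUTE *attrs; CK_ULONG n; } token_object;

/* Constructed sample data: certificate and private key share one CKA_ID. */
static CK_ULONG cls_cert = CKO_CERTIFICATE, cls_key = CKO_PRIVATE_KEY;
static unsigned char key_id[] = { 0x01, 0x02, 0x03, 0x04 };
static CK_ATTRIBUTE cert_attrs[] = { { CKA_CLASS, &cls_cert, sizeof cls_cert },
                                     { CKA_ID, key_id, sizeof key_id } };
static CK_ATTRIBUTE key_attrs[]  = { { CKA_CLASS, &cls_key, sizeof cls_key },
                                     { CKA_ID, key_id, sizeof key_id } };
static token_object objects[] = { { 1, cert_attrs, 2 }, { 2, key_attrs, 2 } };

/* Match: every template attribute exists on the object with the same
   length and bytes. An empty template matches every object. */
static int object_matches(const token_object *o, const CK_ATTRIBUTE *t, CK_ULONG count) {
    for (CK_ULONG i = 0; i < count; i++) {
        int found = 0;
        for (CK_ULONG j = 0; j < o->n && !found; j++)
            found = o->attrs[j].type == t[i].type &&
                    o->attrs[j].ulValueLen == t[i].ulValueLen &&
                    memcmp(o->attrs[j].pValue, t[i].pValue, t[i].ulValueLen) == 0;
        if (!found) return 0;
    }
    return 1;
}

/* The private-key lookup from the post (template = CKA_CLASS + CKA_ID); returns 0 if none. */
static CK_ULONG find_private_key(unsigned char *id, CK_ULONG id_len) {
    CK_ULONG cls = CKO_PRIVATE_KEY;
    CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &cls, sizeof cls }, { CKA_ID, id, id_len } };
    for (size_t i = 0; i < sizeof objects / sizeof objects[0]; i++)
        if (object_matches(&objects[i], tmpl, 2)) return objects[i].handle;
    return 0;
}

int main(void) {
    printf("private key handle: %lu\n", find_private_key(key_id, sizeof key_id));
    return 0;
}
```

The lookup only succeeds when the private key's CKA_ID has exactly the same length and bytes as the certificate's, which is why the truncated-ID and wrong-ID cases return no handle.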
