Marc wrote:
> I have compiled both mozilla suite and thunderbird with the "NSS_ENABLE_ECC=1" flag, and I have been able to import ECC (ecdsa-with-sha1) certificates done with openssl. However, I can't sign/encrypt any email with these certificates:

True. Part of the original set of patches to add ECC to mozilla was not checked in with the rest, resulting in ECC not working completely for S/MIME.

No further work is being done on ECC in mozilla/NSS at this time because
of an uncertain patent situation.  :(

> it complains saying that the cert might not be trusted, but that's not true (I have tried with RSA certs and it works perfectly).

Mozilla crypto related error messages leave something to be desired. https://bugzilla.mozilla.org/show_bug.cgi?id=107491 (I'm being unusually polite about that.) There are something like 200-300 distinct error codes from the underlying crypto libraries, and something like 20-30 unique error messages that get shown to the user. :(

A PSM contribution to improve that would be welcome.

> Does anyone know whether thunderbird or mozilla suite support S/MIME ECC certs? I haven't succeeded either in connecting using server-side certs to an ECC-enabled test server. Can anyone help with this, also?

Since you've built your own, look at the patches attached to bugzilla bugs
https://bugzilla.mozilla.org/show_bug.cgi?id=240554
https://bugzilla.mozilla.org/show_bug.cgi?id=238051
and try those patches for yourself.

Those patches are now somewhat old, and some work may be required to apply
them to a current source tree.  If you have success, please tell us.

> Greets,
>
> Marc.

/Nelson

_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
