When the master password timeout option is set to "Every time it is needed",
the <keygen> tag in the HTML page used for generating a private key fails to
work properly. This page has code to invoke our ActiveX component for
signing the certificate request. Our component uses the NSS API to open the
Netscape certificate store and export as P12 the certificate the user
selects for signing the request. This component does the NSS initialization
as follows:

HRESULT NetscapeUtilStart(char **tempNetDir)
{
    HRESULT res;
    SECStatus rv;

    *tempNetDir = (char *)malloc(MAX_PATH * sizeof(char));

    // We copy the databases at a separate location to prevent interference
    // with Netscape's usage of the database.
    res = copyNetscapeDatabases(*tempNetDir);

    // Initialize the password function. The password is passed
    // programmatically and hence a prompt is not needed.
    PK11_SetPasswordFunc(SECU_GetModulePassword);

    rv = NSS_Initialize(*tempNetDir, "", "", "secmod.db",
                        NSS_INIT_NOMODDB | NSS_INIT_READONLY);
    if (rv != SECSuccess)
        res = S_FALSE;
    return res;
}

After we are done with exporting the selected certificate as P12, we use
CAPI for actual signing. We do not shut down NSS when we exit as it prevents
Netscape from using it as well.
If we do not use our component for signing the certificate request, <keygen>
works fine and prompts for the password three times during the key generation
process. When we use our component for signing the request, we are not
prompted for the password at all.
Any help will be greatly appreciated.
Best regards,
Manoj Srivastava