On 14.06.2007, at 1:00, Douglas E. Engert wrote:

> So it looks like the latest FireFox 2.0.0.4 is working much better.

* Certificate selection is still broken - it selects the nonrepudiation certificate with no SSL client certificate usage bits automatically, even though it should select a certificate with SSL client capabilities (IMO) (see https://bugzilla.mozilla.org/show_bug.cgi?id=328346 - even though it is considered as fixed). This is one of the reasons why the onepin module exists - to only present one certificate (protected with one PIN) to Firefox so that it could make dumb decisions.

* Loading the module via the standard GUI (preferences -> advanced -> encryption -> security devices -> load) still results in 'unfriendly behavior', meaning automatic certificate selection, if enabled, requires you to type in all the different PINs and PUKs on the card (PIN1 for slot 1, PIN2 for slot 2 and PUK, alone in a separate slot) (see https://bugzilla.mozilla.org/show_bug.cgi?id=201333). This is the second reason why the hackerish module exists - even if Firefox knew how to select the right certificate if given the ones present on the Estonian eID, it would ask for both PIN1 and PIN2 just to make the decision to choose the one with PIN1 to proceed (even though the certificates are public).

Thus the need still exists for this hackerish module to enable seamless operation, for Estonians at least. :(

If there are bugs in the code or changes that change this behavior - let me know and I'll give it a try to see what happens. Unfortunately I'm not a PKCS#11 expert.

-- 
Martin Paljak
http://martin.paljak.pri.ee
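
The two behaviours discussed in this message, modelled in Python as an added example (not code from OpenSC, the onepin module or Firefox). The slot layout follows the message; the key usage bits on the two certificates and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    label: str
    key_usage: frozenset      # X.509 keyUsage bit names (RFC 5280)

@dataclass(frozen=True)
class Slot:
    pin_label: str            # PIN/PUK protecting this slot's private objects
    certs: tuple = ()         # certificates are public: readable without login

# Constructed token: PIN1 in slot 1, PIN2 in slot 2, PUK alone in its own slot.
# The key usage values are assumed sample data, not read from a real card.
TOKEN = (
    Slot("PIN1", (Cert("authentication",
                       frozenset({"digitalSignature", "keyEncipherment"})),)),
    Slot("PIN2", (Cert("signature", frozenset({"nonRepudiation"})),)),
    Slot("PUK"),
)

def usable_for_tls_client(cert):
    # A TLS client proves key possession by signing, so digitalSignature
    # is the bit to look for; a nonRepudiation-only certificate fails.
    return "digitalSignature" in cert.key_usage

def prompts_when_logging_in_first(slots):
    """Logging in to every slot before choosing asks for every PIN and PUK."""
    return [slot.pin_label for slot in slots]

def select_then_login(slots):
    """Choose from the public certificates first, then ask for one PIN only."""
    matches = [(slot, cert) for slot in slots for cert in slot.certs
               if usable_for_tls_client(cert)]
    if len(matches) != 1:
        # No candidate or several: do not guess, leave the choice to the user.
        raise LookupError(f"{len(matches)} candidate certificates")
    slot, cert = matches[0]
    return cert.label, [slot.pin_label]

if __name__ == "__main__":
    print("login first :", prompts_when_logging_in_first(TOKEN))
    print("select first:", select_then_login(TOKEN))
```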