Hi!
The latest SVN release (currently r4518) breaks reader hotplug for
Firefox. Again!
I think the culprit is somewhere in changesets 3929-r3935 that in
combination with the 100% CPU usage fix (changeset 4363) doesn't seem to
do what advertised:
Slots are added to the end of the list in a way that Firefox is unable
to recognize, thus reader hotplugging with Firefox DOES NOT WORK!
Tested with Firefox 3.6.4 on Fedora 13 64bit and Firefox 3.6.6 on
Windows Vista 32bit.
PKCS#11 implementation in Mozilla is broken in many ways:
1. It doesn't like when slots disappear
2. It breaks when module initially exposes zero slots
3. It doesn't set it's slot flags (eg. friendly) for all slots,
but only for those that were visible when the security module was
loaded from JavaScript. New slots get default flags, which can be
wrong.
These are the exact reasons why the original "virtual slot" system was
implemented. It's best not to mess around with the slot count when
dealing with NSS in the first place.
What happened to the previous "working" virtual slot implementation?
When using PKCS#11, who cares about the "real" physical readers anyway?
Why not just expose a number of empty slots and then fill them with
tokens as they are inserted. OpenCT driver already does this by exposing
a number of "detached readers", why not do the same with PKCS#11 slots
and only add new slots to the list as a last resort: when all initially
allocated slots are full.
If it's not "clean enough", then maybe rename the current
"onepin-pkcs11" to "firefox-sucks-pkcs11" and please do not touch those
hacks until the bloody NSS has been fixed for good.
--
Antti Andreimann
Using Linux since 1993
Member of ELUG since 29.01.2000
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
