I already saw those links and, as I told you earlier, it must be a
bad Mozilla/NSS implementation, because it asks again and again, no
matter if CKR_OK or CKR_INVALID_ATTRIBUTE.
Anyway, I'll argue these things with the Mozilla people. Thanks a lot
for your time and help. Much appreciated.

2011/8/26 Douglas E. Engert <deeng...@anl.gov>:
>
>
> On 8/26/2011 2:46 AM, helpcrypto helpcrypto wrote:
>> 2011/8/25 Douglas E. Engert <deeng...@anl.gov>:
>>>
>>> The OpenSC pkcs11/pkcs11-display.c has definitions for all these.
>>>   #define CKO_NETSCAPE 0xCE534350
>>>
>>>   #define CKO_NETSCAPE_CRL                (CKO_NETSCAPE + 1)
>>>   #define CKO_NETSCAPE_SMIME              (CKO_NETSCAPE + 2)
>>>   #define CKO_NETSCAPE_TRUST              (CKO_NETSCAPE + 3)
>>>   #define CKO_NETSCAPE_BUILTIN_ROOT_LIST  (CKO_NETSCAPE + 4)
>>>
>>> There are vendor attributes too.
>>
>> These are the values I'm talking about... I guess somewhere it must be
>> documented what they are for.
>
> PKCS#11 allows for vendor defined objects and attributes and NSS implements
> some soft tokens that can support storing of CA certs, with TRUST, and CRLs
> and other objects or attributes needed by NSS.
>
> You can find the documentation and source for NSS here:
>
> http://www.mozilla.org/projects/security/pki/nss/
>
> In Release 3.12 the names are changed from CKO_NETSCAPE_ to CKO_NSS_
> with the same values:
>
> http://www.mozilla.org/projects/security/pki/nss/nss-3.12/nss-3.12-release-notes.html
>
> In the NSS CVS source these are defined in
>  ./mozilla/security/nss/lib/util/pkcs11n.h
>
>
>>
>>>
>>> Looks like looking for a CRL.
>>>
>>> When OpenSC PKCS#11 sees these, it returns 0 objects and CKR_OK
>>
>> I don't know in OpenSC, but it doesn't matter if I return 0+CKR_OK or not.
>> It still asks many times.
>
> See this thread:
> http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg08609.html
>
> One of the NSS developers says you can return CKR_INVALID_ATTRIBUTE
> and it might stop asking.
>
>
>>
>>>
>>> Add to the environment something like this:
>>>
>>> PKCS11SPY=/opt/smartcard/lib/your-pkcs11.so
>>> PKCS11SPY_OUTPUT=/tmp/tb.spy.txt
>>>
>>>
>>> You can use the OpenSC pkcs11-spy.so with TB and your own PKCS#11 module.
>>> Make the pkcs11-spy.so or pkcs11-spy.dll the security device.
>>>
>>>
>>>
>>> When OpenSC PKCS#11 sees these, it returns 0 objects and CKR_OK
>>>
>>
>> Thanks a lot for your help.
>> _______________________________________________
>> opensc-devel mailing list
>> opensc-devel@lists.opensc-project.org
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
> --
>
>  Douglas E. Engert  <deeng...@anl.gov>
>  Argonne National Laboratory
>  9700 South Cass Avenue
>  Argonne, Illinois  60439
>  (630) 252-5444
>
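
A sketch of the behaviour described in the thread for OpenSC (a search for one of the NSS vendor-defined object classes succeeds with CKR_OK and reports 0 objects), as an added example that is not code from the thread, OpenSC or NSS. The helper names `vendor_class_name` and `search_is_empty` are hypothetical, and the type definitions are minimal stand-ins for `pkcs11.h`.

```c
#include <stdio.h>
#include <string.h>
/* Minimal stand-ins for pkcs11.h (values per the PKCS#11 spec). */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_CLASS          0x00000000UL
#define CKO_VENDOR_DEFINED 0x80000000UL

/* Values quoted in the thread from OpenSC's pkcs11-display.c. */
#define CKO_NETSCAPE                   0xCE534350UL
#define CKO_NETSCAPE_CRL               (CKO_NETSCAPE + 1)
#define CKO_NETSCAPE_SMIME             (CKO_NETSCAPE + 2)
#define CKO_NETSCAPE_TRUST             (CKO_NETSCAPE + 3)
#define CKO_NETSCAPE_BUILTIN_ROOT_LIST (CKO_NETSCAPE + 4)
/* Hypothetical helper: returns a name for the vendor-defined CKA_CLASS in a
 * search template, or NULL if the class is standard, absent or malformed. */
const char *vendor_class_name(const CK_ATTRIBUTE *tmpl, CK_ULONG count)
{
    for (CK_ULONG i = 0; i < count; i++) {
        CK_ULONG cls;
        if (tmpl[i].type != CKA_CLASS) continue;
        if (tmpl[i].pValue == NULL || tmpl[i].ulValueLen != sizeof cls)
            return NULL;              /* leave it to normal validation */
        memcpy(&cls, tmpl[i].pValue, sizeof cls);
        if (!(cls & CKO_VENDOR_DEFINED)) return NULL;
        switch (cls) {
        case CKO_NETSCAPE_CRL:               return "CKO_NETSCAPE_CRL";
        case CKO_NETSCAPE_SMIME:             return "CKO_NETSCAPE_SMIME";
        case CKO_NETSCAPE_TRUST:             return "CKO_NETSCAPE_TRUST";
        case CKO_NETSCAPE_BUILTIN_ROOT_LIST: return "CKO_NETSCAPE_BUILTIN_ROOT_LIST";
        default:                             return "unrecognised vendor class";
        }
    }
    return NULL;
}

/* Hypothetical helper: 1 when the search should report CKR_OK with 0 objects. */
int search_is_empty(const CK_ATTRIBUTE *tmpl, CK_ULONG count)
{
    return vendor_class_name(tmpl, count) != NULL;
}

int main(void)
{
    CK_ULONG cls = CKO_NETSCAPE_TRUST;   /* constructed sample template */
    CK_ATTRIBUTE tmpl[] = { { CKA_CLASS, &cls, sizeof cls } };
    printf("%s -> empty=%d\n", vendor_class_name(tmpl, 1), search_is_empty(tmpl, 1));
    return 0;
}
```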