Change of list owner/moderator

2013-02-08 Thread Nelson B Bolyard
Dear dev-tech-crypto readers: Today I have given up the position of list owner and moderator for the dev-tech-crypto mailing list and mozilla.dev.tech.crypto news group, a position I have held since the list was formed over 10 years ago. The new owner/moderator is Kai Engert. Please join me in

Re: NSS 3.12.5.0: Error '-8152' (SEC_ERROR_INVALID_KEY) when connecting to ssl-enabled servers

2012-05-25 Thread Nelson B Bolyard
On 2012/05/21 05:21 PDT, Bernhard Thalmayr wrote: Hi Wan-Teh, Nelson, could it be that this error is also raised by the client if the client cannot 'participate' in ssl client-auth? Unfortunately I only got a text-output of 'ssldump', not sure if this would be helpful. [snip] The

Re: NSS 3.12.5.0: Error '-8152' (SEC_ERROR_INVALID_KEY) when connecting to ssl-enabled servers

2012-05-08 Thread Nelson B Bolyard
On 2012/05/08 04:53 PDT, Bernhard Thalmayr wrote: Hi experts, an OpenAM community member is using OpenAM policy agent to connect to an ssl-secured server. The policy agent uses NSPR 4.8.2, NSS 3.12.5.0 optimized build for Linux (RHEL) 64bit. If the agent tries to open a connection to

Re: The PKCS #12 operation failed for unknown reasons

2012-02-27 Thread Nelson B Bolyard
On 2012/02/27 09:47 PDT, VictorMiller wrote: On Feb 24, 7:57 pm, Nelson B Bolyard nel...@bolyard.me wrote: On 2012/02/24 07:26 PDT, VictorMiller wrote: I have a new PKI certificate as a .p12 file which I want to import into firefox and thunderbird on a RedHat system. However, every time I

Re: The PKCS #12 operation failed for unknown reasons

2012-02-24 Thread Nelson B Bolyard
On 2012/02/24 07:26 PDT, VictorMiller wrote: I have a new PKI certificate as a .p12 file which I want to import into firefox and thunderbird on a RedHat system. However, every time I try an import I get the above error message. If I log onto an MS Windows machine I can get IE to import it

Re: Explicitly distrusted certificates in certdata.txt (NSS built-in root CA certificate list)

2011-10-10 Thread Nelson B Bolyard
On 2011/10/10 12:16 PDT, Wan-Teh Chang wrote: [...] The certdata.txt file in the NSS source tree (http://mxr.mozilla.org/security/source/security/nss/lib/ckfw/builtins/certdata.txt) is the master source of the NSS built-in trusted root CA list, so people have written scripts to extract the

Re: Question about pathlen extension checked

2011-09-19 Thread Nelson B Bolyard
On 2011/09/18 03:15 PDT, Ralph Holz (TUM) wrote: does NSS check the pathlength extension in an issuing certificate? I am particularly wondering if pathlen:0 is honoured. Yes and Yes. NSS 3.12 claims compliance with RFC 3280. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org

Re: JSS SSLSocket problems choosing Client Certificates

2011-09-19 Thread Nelson B Bolyard
On 2011/09/07 09:38 PDT, praspa wrote: I'm trying to make two separate HTTPS requests to a remote host using two client sockets and two different client certificates respectively (client cert A and B). [...] From my host, I'm able to make two connections on two different sockets to the

Re: Protecting PRNG against malicious users / multiple independent PRNG states

2011-08-01 Thread Nelson B Bolyard
On 2011-07-26 13:30 PDT, Brian Smith wrote: Mozilla would like to expose a secure PRNG (basically, a wrapper around PK11_GenerateRandom) to JavaScript content: https://bugzilla.mozilla.org/show_bug.cgi?id=440046 There is some agreement that we should maintain separate PRNG state for each

Re: undefined reference to `PK11_CopyToSlot'

2011-06-11 Thread Nelson B Bolyard
On 2011-06-10 16:43 PDT, Crypto User wrote: On May 25, 11:33 am, Crypto User cryptou...@gmail.com wrote: Hi, I am trying to use this method to move my symmetric key to the key for wrapping. When I use this method, I get undefined reference to `PK11_CopyToSlot' collect2: ld returned 1

Re: S/MIME Encryption Certificate without email address

2011-03-22 Thread Nelson B Bolyard
On 2011/03/22 02:23 PDT, silent...@gmail.com wrote: Well, the reasons are at least obvious to us :) - the card is supposed to be in use for at least 5 years. Card owners (Health Care Providers in our case) should be able to use various email providers for exchanging medical reports. Nothing

Re: S/MIME Encryption Certificate without email address

2011-03-20 Thread Nelson B Bolyard
On 2011/03/17 02:41 PDT, silent...@gmail.com wrote: It seems that Thunderbird refuses to use X.509 certificates for S/MIME encryption when these certificates do not contain email address of the subject. We want to use S/MIME with keys stored on smart cards and certificates distributed via

Re: Root certificate authorities

2011-03-05 Thread Nelson B Bolyard
Brian Smith wrote: Ritmo2k wrote: Anyone know if it's possible to configure Firefox to implicitly trust all certificate authorities installed in the Windows Trusted Root Certification Authorities Store? Firefox does not support this yet. See:

Re: problem with the certificate name in Firefox

2011-02-25 Thread Nelson B Bolyard
On 2011/02/24 12:08 PDT, Datar, Raju wrote: Hi all: There are two very different issues in Firefox. If some kind person can reply with some information, that would be highly appreciated. ISSUE 1: The certificate name in the display is a hex value. We use client side certificate for

Re: certutil -D corrupting NSS database...

2011-02-12 Thread Nelson B Bolyard
On 2011-01-25 13:07 PDT, Michael H. Warfield wrote: [...] Instead of having a cert in the database with the name I specified in creating the .p12 file, I ended up with a cert in the database with the name of the E-Mail address in the cert. Not sure where that problem is (openssl or the

Re: TLS server keys in DNS: client policy proposal

2011-02-05 Thread Nelson B Bolyard
On 2011-02-01 07:57 PDT, Zack Weinberg wrote: I've been following the mailing list for the IETF's keyassure working group, which plans to standardize a mechanism for putting application-layer server keys (or their hashes) in DNS, certified by DNSSEC. TLS/SSL is the first target, and of

Re: TLS server keys in DNS: client policy proposal

2011-02-05 Thread Nelson B Bolyard
On 2011-02-05 13:28 PDT, Zack Weinberg wrote: On 2011-02-05 1:13 PM, Nelson B Bolyard wrote: Zack, thanks for bringing this to this list/group. I think many of us were caught by surprise by it, because it is a browser policy proposal rather than a technical discussion of the protocols

Re: FireFox v3.0.1 of Windows uses SSLv2 Record Layer even when SSLv2 is disabled

2011-01-30 Thread Nelson B Bolyard
On 2011-01-27 09:00 PDT, volkerk wrote: I am having the same problem with Firefox 3.0.15, which is suddenly unable to contact our Peoplesoft server and gets the no cypher error. After capturing the packet exchange with Wireshark, I found out the same as Suresh here - Firefox 3.0.15 (Windows)

Re: S/MIME encrypted e-mails

2011-01-30 Thread Nelson B Bolyard
On 2011-01-29 06:41 PDT, Matej Kurpel wrote: Hello, as far as I know, Thunderbird sends encrypted e-mails as an attachment named smime.p7m. Can anybody let me briefly know what this file contains? Yes, it contains a message in the Cryptographic Message Syntax (CMS). CMS is NOT SIMPLE. To

Re: S/MIME encrypted e-mails

2011-01-30 Thread Nelson B Bolyard
On 2011-01-30 02:30 PDT, Matej Kurpel wrote: On 30. 1. 2011 10:57, Nelson B Bolyard wrote: Yes, the P7M holds all those encrypted copies of the key that encrypts the main message, and of course, the ciphertext produced with that key, And cert chains, and capabilities, and ... it's like bread

Re: Encoding and comparing certificates with NSS

2011-01-30 Thread Nelson B Bolyard
On 2011-01-29 06:06 PDT, Ambroz Bizjak wrote: Hello. I have a problem with NSS. Here's what I'm trying to achieve: [ If I may paraphrase, system C sends a cert to systems A and B. ] [ A forwards its copy to B. B must compare the two copies. ] Here's how I encoded the certificate (on

Re: certutil -D corrupting NSS database...

2011-01-30 Thread Nelson B Bolyard
Michael, Can you make available to me the cert8.db file and the nokey p12 files exactly as they were before you did the fateful certutil -D step? If so, I'm interested in trying to track this down. I have a test for you to try that *MAY* (or may not) prove to be a solution for you. I believe

Re: FireFox v3.0.1 of Windows uses SSLv2 Record Layer even when SSLv2 is disabled

2011-01-30 Thread Nelson B Bolyard
On 2011-01-30 11:48 PDT, Wan-Teh Chang wrote: On Sun, Jan 30, 2011 at 1:32 AM, Nelson B Bolyard nel...@bolyard.me wrote: Firefox doesn't send TLS client hellos to servers that fail to complete ANY handshake with ANY version of SSL or TLS some number of times in a row when it has tried sending

Re: Force usage of a certificate for client authentication

2011-01-27 Thread Nelson B Bolyard
With my newsgroup/mailing list moderator hat on, I write: PLEASE DO NOT reply to this list by multiple addresses. Please reply to no more than one of the following addresses: mozilla-dev-tech-cry...@lists.mozilla.org dev-tech-crypto@lists.mozilla.org

Re: Firefox PSM locks NSS

2011-01-13 Thread Nelson B Bolyard
On 2011-01-13 03:58 PDT, Irune Prado Alberdi wrote: I've tried the same test with Chromium and it worked correctly as Wan-Teh said. The database does not get locked. [snip] I had to activate the FRIENDLY flag in order for Chrome to correctly obtain the smartcard's certificate. I'm new to Chrome

Re: Where to get 'modlogger.pl'

2011-01-12 Thread Nelson B Bolyard
On 2011-01-12 13:18 PDT, Bernhard Thalmayr wrote: Hi Experts, where do I get the script 'modlogger.pl' mentioned in 'http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn2.html'? Sadly, it no longer exists. But IMO, you don't need it. The raw output is equally readable without it,

Re: How to get 'TRACE' build?

2011-01-12 Thread Nelson B Bolyard
On 2011-01-11 13:26 PDT, Bernhard Thalmayr wrote: Hi experts, https://developer.mozilla.org/en/NSS_reference/NSS_environment_variables tells me that I have to build NSS/NSPR with 'TRACE'. Unfortunately I have not found how to make this build work. I've already searched the archive and

Re: NSS 3.12.5: Error '-8023' ... how to track it down?

2011-01-12 Thread Nelson B Bolyard
Bernhard wrote: 331569088[1bd1610]: flags = 0x4 331569088[1bd1610]: pApplication = 0331569088331569088[1bd1610]: Notify = 0x13231f31569088[1bd1610]: phSession = 0x7fffc331569088[1bd1610]: phKey = 0x36c1618 331569088[1bd1610]: CKA_CLASS = CKO_SECRET_KEY [8] Was that a copy

Re: How to get 'TRACE' build?

2011-01-12 Thread Nelson B Bolyard
On 2011-01-12 13:53 PDT, Bernhard Thalmayr wrote: Although I've only done a debug build I get an ssl-trace file starting with .. SSL: tracing set to 127 SSL: debugging set to 127 12676: SSL: grow buffer from 0 to 18432 12676: SSL: grow buffer from 0 to 18432 12676: SSL[107778448]:

Re: Firefox PSM locks NSS

2011-01-12 Thread Nelson B Bolyard
On 2011-01-11 04:48 PDT, Irune Prado Alberdi wrote: I'm trying to access a NSS shareable database (3.1.2 with NSS_DEFAULT_DB_TYPE=sql) while having a Firefox NSS session already initialized over the pkcs11 module of my smartcard. My test is really simple but I don't get to know why firefox

Re: Thunderbird crashing when C_SignInit returns other than CKR_OK

2010-12-27 Thread Nelson B Bolyard
On 2010-12-27 01:44 PDT, Matej Kurpel wrote: If I only was able to load the source code of Thunderbird in Visual Studio, that would be great. I could debug it line-by-line as usual. You can. Download and unpack the sources from

Re: Thunderbird crashing when C_SignInit returns other than CKR_OK

2010-12-27 Thread Nelson B Bolyard
On 2010-12-27 10:39 PDT, Matej Kurpel wrote: Wow - I was able to Attach To Process... in VS2008 and then I caused the crash deliberately. Bravo. It showed me the source code and call stack, which is great. But evaluating most of the variables returned CXX0069: Error: variable needs

Re: Thunderbird crashing when C_SignInit returns other than CKR_OK

2010-12-19 Thread Nelson B Bolyard
On 2010-12-19 00:56 PDT, Marsh Ray wrote: On 12/19/2010 02:27 AM, Nelson Bolyard wrote: Yes, Mozilla builds its own CRT, which is a modified version of the MSVC CRT, whose sources come only with the pay (not free) versions of MSVC. They do this in order to replace MSVC's normal heap code

Re: Thunderbird crashing when C_SignInit returns other than CKR_OK

2010-12-11 Thread Nelson B Bolyard
Matej, Your message contains an obvious self-contradiction. Observe: On 2010-12-10 09:57 PDT, Matej Kurpel wrote: CK_RV CK_ENTRY C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) { return CKR_FUNCTION_CANCELED; } 89: C_SignInit

Re: importing leaf cert into NSS db via JSS

2010-12-10 Thread Nelson B Bolyard
On 2010-12-10 03:45 PDT, David Stutzman wrote: On 12/9/2010 2:29 PM, Wan-Teh Chang wrote: The (-8157) Certificate extension not found part is most likely wrong (a stale error code). Please try to track that down and fix it. I remember Nelson saying pretty much anytime that error pops out

Re: Certificate login in Firefox - how does it work?

2010-11-27 Thread Nelson B Bolyard
On 2010-11-26 13:20 PDT, ryan-mozdevtechcry...@sleevi.com wrote: [snip] And to save you a bit of trouble/pain: for CryptoAPI, you cannot simply sign raw data - you can only sign previously hashed data. I understand this to mean that you cannot write a pure PKCS#11 - CryptoAPI mapper, whether

Re: NSS ss-sec.uncache is NULL

2010-11-25 Thread Nelson B Bolyard
On 2010-11-24 11:17 PDT, passfree wrote: Speaking of firefox, I know it is not meant to be used as a server but it does provide server sockets through nsIServerSocket interface. I'd say it's a BUG in PSM if it offers a way for XPCom users to use NSS server sockets, but doesn't offer any way

Re: CMSUTIL Problem

2010-11-11 Thread Nelson B Bolyard
On 2010-11-10 05:41 PDT, stephen.mocca...@gdc4s.com wrote: I am on a Linux system and I am trying to send a signed email message using cmsutil and the smime toolkit but it fails with the following error: cmsutil: the corresponding cert for key (null) does not exist: Certificate key usage

Moderator note: Happy Day - newsgroup moderation has begun (I think)

2010-11-09 Thread Nelson B Bolyard
This morning, in the moderation queue for this list, I found a message that was different from others I'd seen before. It appeared to have originated as a newsgroup posting at google. I'm still not 100% sure if this was a moderated newsgroup posting, or if the poster merely sent it both as a

Re: Usage of FreeBL and FreeBL/mpi through JavaScript in Firefox 4 Sync

2010-10-30 Thread Nelson B Bolyard
On 2010/10/29 01:44 PDT, Nelson B Bolyard wrote: No, passwords simply have NO PLACE in protecting the average user from phishing. And it doesn't matter whether the password is used to derive a session encryption key, or just as an authentication token. The user is just as vulnerable either

Re: Usage of FreeBL and FreeBL/mpi through JavaScript in Firefox 4 Sync

2010-10-29 Thread Nelson B Bolyard
On 2010/10/28 03:12 PDT, Jean-Marc Desperrier wrote: Nelson B Bolyard wrote: [...] It because none of them: J-PAKE, SPEKE, SRP, or for that matter, good old CRAM-MD5 address the NUMBER ONE problem with passwords. PHISHING. They are a very significant

Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: Could not verify this certificate for unknown reasons]

2010-10-29 Thread Nelson B Bolyard
On 2010/10/28 02:14 PDT, Jean-Marc Desperrier wrote: Nelson B Bolyard wrote: Please don't file a bug without a stack trace showing the crash is in NSS. [...] If the back trace shows the crash is not in NSS, but in some other library, please direct the bug report accordingly. The report

Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: Could not verify this certificate for unknown reasons]

2010-10-26 Thread Nelson B Bolyard
On 2010-10-26 05:07 PDT, Jean-Marc Desperrier wrote: Matej Kurpel wrote: However, how does a printable string differ from utf8string (and other strings, particularly ia5string) when there are no non-ascii characters? Do you think it's a bug in NSS...? printable string basically allows only

Re: Thunderbird: Could not verify this certificate for unknown reasons

2010-10-24 Thread Nelson B Bolyard
On 2010-10-24 02:12 PDT, Matej Kurpel wrote: [snip] You can clearly see both my CA and user certificates. Certutil has used my PKCS#11 module to obtain my user certificate. Then I launched the second command you were suggesting: certutil -d . -L -n HTC Touch HD T8282:Matej Kurpel Now it

Re: Thunderbird: Could not verify this certificate for unknown reasons

2010-10-23 Thread Nelson B Bolyard
On 2010-10-21 13:31 PDT, Matej Kurpel wrote: This looks like Thunderbird cannot find the user certificate in its database. Well, it shouldn't anyway, since it resides on the token provided by a PKCS#11 module I am developing. Right. It's not necessary for the cert to be in the database.

Re: JSS4.DLL and JSS.jar for Windows 64 bits

2010-10-23 Thread Nelson B Bolyard
On 2010-10-22 07:39 PDT, stephen.mocca...@gdc4s.com wrote: Thanks. I'll try it. Stephen Moccaldi General Dynamics C4 Systems, Inc. stephen.mocca...@gdc4s.com 781-455-5466 This message and/or attachments may include information subject to GDC4S O.M. 1.8.6 and GD Corporate Policy

Re: PARAMORE MP3

2010-10-22 Thread Nelson B Bolyard
Gerv, On 2010-10-22 01:25 PDT, Jan Huynh wrote: Click Here to Enter: http://better-web-365.com/12/paramore-mp3 . . Paramore Mp3 Paramore Franklin Free Mp3 [Hundreds of lines beginning with the word Paramore deleted] This is clearly a failure of the new newsgroup moderation, and

Re: Usage of FreeBL and FreeBL/mpi through JavaScript in Firefox 4 Sync

2010-10-22 Thread Nelson B Bolyard
This is a resend. Don't know why my previous copy went only to Marsh. I intended it to go to the list as well. On 2010-10-21 16:50 PDT, Marsh Ray wrote: On 10/21/2010 05:53 PM, Nelson B Bolyard wrote: - Letting mozilla products become a playground for home-baked crypto protocols. That's

Re: Usage of FreeBL and FreeBL/mpi through JavaScript in Firefox 4 Sync

2010-10-22 Thread Nelson B Bolyard
On 2010-10-22 11:35 PDT, Wan-Teh Chang wrote: On Thu, Oct 21, 2010 at 3:53 PM, Nelson B Bolyard nel...@bolyard.me wrote: I'd say the interfaces to those functions (more precisely, their signatures) are quite frozen. The mp_int bignum package API is so frozen as to have become something

Re: Usage of FreeBL and FreeBL/mpi through JavaScript in Firefox 4 Sync

2010-10-21 Thread Nelson B Bolyard
On 2010-10-20 17:13 PDT, Brian Smith wrote: See https://bugzilla.mozilla.org/show_bug.cgi?id=601645. The following internal functions and data structures in FreeBL that would be used Firefox 4.0 Sync's J-PAKE implementation through JSCtypes (a mechanism for calling native code through

Re: Discussion forums anti-spam: configuration change

2010-10-20 Thread Nelson B Bolyard
On 2010-10-19 01:23 PDT, Gervase Markham wrote: At 11pm Pacific Time on Tuesday night (6am UTC on Wednesday morning) we are implementing[0] the new discussion forums anti-spam plan[1] on the following guinea pig groups: mozilla.community.philippines mozilla.governance.mpl-update

Re: Thunderbird: Could not verify this certificate for unknown reasons

2010-10-20 Thread Nelson B Bolyard
On 2010-10-20 09:54 PDT, Matej Kurpel wrote: Hello, I have set up my own CA and issued one certificate signed by this CA. However, I cannot use this certificate to send signed e-mail from Thunderbird. It says Could not verify this certificate for unknown reasons. PSM's infamous for an

Re: PKCS#11: C_Sign provides invalid signature

2010-10-16 Thread Nelson B Bolyard
On 2010-10-16 06:25 PDT, Matej Kurpel wrote: Hello, I am developing a PKCS#11 module to be used with Thunderbird. However, I have trouble providing a valid signature for e-mails. The mechanism used is CKM_RSA_PKCS and I have a 1024bit private key along with the certificate, stored on the

Re: PKCS#11: C_Sign provides invalid signature

2010-10-16 Thread Nelson B Bolyard
On 2010-10-16 11:39 PDT, Matej Kurpel wrote: On 16. 10. 2010 18:33, Nelson B Bolyard wrote: The SignData method you're trying to use does all the above steps. It wants the input to step 1. Since you're implementing CKM_RSA_PKCS, the data you're given is the input to step 3, the output from

Re: how to modify the absolute profile path in secmod.db

2010-10-12 Thread Nelson B Bolyard
On 2010-10-08 10:58 PDT, al...@yahoo.com wrote: I noticed when moving a profile that secmod.db retains the old absolute profile path (configdir='...') Is the path used for anything? Does it need to be updated? How? Can secmod.db be deleted and regenerated? What are the consequences?

Re: NSS and PKCS#11 Certificate+Private key

2010-10-10 Thread Nelson B Bolyard
On 2010-10-10 07:45 PDT, Matej Kurpel wrote: Never mind, solved it myself. What turned out to be the problem, was that the CK_BBOOL values were 4-bytes and not 1 byte in size. Glad you figured it out. I think we could not have helped you without a LOT of work and looking at your code.

Re: ssl stream pipe

2010-10-02 Thread Nelson B Bolyard
On 2010-10-02 09:11 PDT, passfree wrote: The problem is within the write method of the component which fails for some unknown reasons. Here is the code I am using for testing: char b[] = { 12345 }; int result = PR_Write(sfd, b, 5); if (result =

Re: Can a ssl3.ca_list be configured on a model file descriptor?

2010-09-18 Thread Nelson B Bolyard
On 2010-09-16 00:54 PDT, Wolter Eldering wrote: Hi, I have configured a model file descriptor using SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *list) The ssl3.ca_list information set in the model is not copied into the new file descriptor when calling PRFileDesc

Re: Enforcing Definite Encoding on Constructed CMS Objects

2010-09-11 Thread Nelson B Bolyard
On 2010-09-09 03:37 PDT, Vincent Agriesti wrote: How do I get the CMS encoder in mozilla's NSS 3.12.7 to use definite encodings on constructed types as well as data [?] [snip] Researching into the code, I've found (in secasn1e.c) /* The !isString test below is apparently intended to

Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

2010-09-07 Thread Nelson B Bolyard
On 2010-09-07 06:20 PDT, Konstantin Andreev wrote: On 08/31/10 05:01, Nelson B Bolyard wrote: On 2010/08/30 17:32 PDT, Wan-Teh Chang wrote: I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). [... skip ...] It's something I wanted to do for YEARS, but for as long as I

Re: signature verification. VFY_CreateContextWithAlgorithmID help

2010-09-07 Thread Nelson B Bolyard
On 2010-09-06 08:17 PDT, Xavier Toth wrote: I'm trying to verify the signature of a file I've signed but I don't understand where to get the sigAlgorithm and hash to pass to VFY_CreateContextWithAlgorithmID. I presume you've read the description of these parameters in

Re: Using a 'secret' SSL client certificate from Mozilla

2010-09-03 Thread Nelson B Bolyard
On 2010-08-30 11:04 PDT, Michael Smith wrote: On Aug 28, 10:08 am, Nelson Bolyard nonelsons...@nobolyardspam.me wrote: What is the real underlying objective of this? Is it to authenticate the individual user of the product to the servers? Is it to ensure that the client applications of the

Re: Proposal to remove SSL 2.0 support from NSS trunk (NSS 3.13)

2010-08-30 Thread Nelson B Bolyard
On 2010/08/30 17:32 PDT, Wan-Teh Chang wrote: On Mon, Aug 30, 2010 at 8:12 AM, Brian Smith br...@briansmith.org wrote: Wan-Teh Chang wrote: I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13). The entire gather logic, by which incoming records are received, could be

Re: how to send encrypted mail to email list address ?

2010-08-27 Thread Nelson B Bolyard
On 2010/08/26 01:02 PDT, fishjohn wrote: Hi. Hope this forum is ok for such question. Yes. We have simple lists implemented through /etc/aliases . basically I want to send encrypted mail to l...@example.com ( which is alias for person1, person2, ...) A common desire. Is there way to

Re: Why does Softoken refuse to create keys with C_CreateObject in FIPS mode?

2010-08-22 Thread Nelson B Bolyard
On 2010-08-22 20:46 PDT, Nelson B Bolyard wrote: On 2010-08-22 16:44 PDT, Brian Smith wrote: When NSS Softoken is in FIPS mode, it refuses to create keys with C_CreateObject. What means that it refuses to import secret or private key material Sorry, that should have read: Which means

Re: Assertion when using SEC_ASN1EncodeItem with subtemplate

2010-07-31 Thread Nelson B Bolyard
On 2010-07-30 20:53 PDT, Wan-Teh Chang wrote: On Fri, Jul 30, 2010 at 11:29 AM, Nelson B Bolyard nel...@bolyard.me wrote: I think you're right. I filed https://bugzilla.mozilla.org/show_bug.cgi?id=583308 with a patch to fix at least one problem. I ran Hanno's test program in a debugger

Re: Assertion when using SEC_ASN1EncodeItem with subtemplate

2010-07-31 Thread Nelson B Bolyard
On 2010-07-30 20:53 PDT, Wan-Teh Chang wrote: Here is Hanno's code modified to use a PointerTo template: SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate) const SEC_ASN1Template MY_PointerToAlgorithmIDTemplate[] = { { SEC_ASN1_POINTER, 0, SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) } };

Re: Assertion when using SEC_ASN1EncodeItem with subtemplate

2010-07-31 Thread Nelson B Bolyard
On 2010-07-31 14:23 PDT, Nelson B Bolyard wrote: So, I moved the XTRN flag up to the PointerTo template, and that didn't crash, but it failed. I'm debugging it now. My mistake. It succeeded. I interpreted the returned pointer to the output buffer as a non-zero result code indicating failure

Re: Assertion when using SEC_ASN1EncodeItem with subtemplate

2010-07-30 Thread Nelson B Bolyard
On 2010-07-29 15:14 PDT, Hanno Böck wrote: After digging down deeper into the code, it seems it fails somewhere here: http://mxr.mozilla.org/security/source/security/nss/lib/util/secasn1e.c#897 It gives state-theTemplate to the SEC_ASN1GetSubTemplate-function, while state-theTemplate points

Re: Assertion when using SEC_ASN1EncodeItem with subtemplate

2010-07-29 Thread Nelson B Bolyard
On 2010-07-26 06:07 PDT, Hanno Böck wrote: Hi, Just recently, the templates for decoding the RSA-PSS ASN1 parameters got added to cvs head (in cryptohi/seckey.c). Currently I'm working on implementing the creation of PSS signatures, so I need them also to encode. My naive thought was

Re: Fwd: Hi, I have three questions about embed bank CA cert in Firefox

2010-07-23 Thread Nelson B Bolyard
On 2010-07-21 18:26 PDT, Amax Guan wrote: Thank you very much, this really helps a lot :) We won't let end-users use that tool, instead, we put it in an installer, and let the installer do the dirty work. btw, Since this certutil.exe is downloaded from microsoft.com I'm a little worried

Re: Netscape Enterprise Server 3.63 2048 bit ssl cert

2010-07-23 Thread Nelson B Bolyard
On 2010-07-23 13:48 PDT, Robert Relyea wrote: You may be stuck. I believe NES 3.63 ran using an older version of NSS that is available in the open source world (or even available as shared ^ NOT! libraries, for that matter). I'm not sure if anyone has access to that old

Re: JSS in Firefox - loading applets over mutual SSL stopped working since the v. 3.6.x

2010-07-21 Thread Nelson B Bolyard
On 2010-07-20 02:21 PDT, Waldek wrote: Hi again, is there anybody who's been able to get such a setup working after upgrading to FF 3.6.x ?? Is it a FF 3.6.x bug ?? Could someone from Mozilla guys state anything in this case ?? I've no other ideas so far but recommending my customers

Re: Fwd: Hi, I have three questions about embed bank CA cert in Firefox

2010-07-21 Thread Nelson B Bolyard
On 2010-07-21 10:50 PDT, Ryan Sleevi wrote, quoting Gervase Markham: On 21/07/10 07:26, Amax Guan wrote: But if you generate a user Certificate that's issued by an untrusted CA, there will be an alert popup. Can some NSS or PSM hacker explain why this is? Gerv While neither an NSS nor PSM

Re: Passing random numbers between tokens - what FIPS thinks ?

2010-07-21 Thread Nelson B Bolyard
I wrote: FIPS 140 will not allow *any* hardware pure noise source to be used by itself as a random number/bit source. Instead, such a source MUST be fed into a DRBG from which any internal random data is taken. To clarify, by pure noise source, I meant such as a forward biased silicon PN

Re: Passing random numbers between tokens - what FIPS thinks ?

2010-07-21 Thread Nelson B Bolyard
On 2010-07-19 03:18 PDT, Konstantin Andreev wrote: Let's assume I have a high-quality, conformant to all relevant standards (e.g. FIPS 140-1), hardware, true random numbers source - token B. Token vendor intimately cares about standard API to the token, and provides PKCS#11 library. Indeed,

Re: JSS/NSS library dependencies on Windows XP

2010-07-19 Thread Nelson B Bolyard
On 2010-07-19 10:56 PDT, Caden.smith Smith wrote: Just for your information, here is the tree: JSS4.DLL NSPR4.DLL ADVAPI32.DLL The factors under the control of the way in which JSS and NSPR are built end here. Anything below this point has NOTHING to do with them. Everything below

Re: How to refresh Firefox keystore

2010-07-03 Thread Nelson B Bolyard
On 2010-07-01 18:10 PDT, james07 wrote: I'm importing the key pair into the browser's soft token. I can see that the cert8.db and key3.db files in the profile directory are updated and I can also see the new certificate using certutil.exe -L. However when attempting to connect to a website

Re: 6 year old bug forcing my office to outlook

2010-06-22 Thread Nelson B Bolyard
On 2010-06-22 06:24 PDT, Logan Jones wrote: Whenever someone receives an email with a .p7m extension as an attachment, Thunderbird eats it. I suppose you mean /attachment/ rather than /extension/. Normally it would be saved to the desktop and decrypted with the standalone entrust

Re: C_EncryptUpdate( inlen != N * blksize ) for CBC, ECB cipher modes.

2010-06-22 Thread Nelson B Bolyard
On 2010-06-22 07:06 PDT, Konstantin Andreev wrote: At the moment, NSS softoken still returns CKR_DATA_LEN_RANGE when CBC/ECB ciphers are updated with odd length. I wonder, are there any chances for this aspect of NSS softoken to be more PKCS#11 compliant in the near future? Yes. Step 1. File a

Re: PK11_CipherOp with RC4 and invalid memory access

2010-06-22 Thread Nelson B Bolyard
On 2010-06-21 17:57 PDT, Brian Smith wrote: From arcfour.c: http://mxr.mozilla.org/mozilla/source/security/nss/lib/freebl/arcfour.c#390 My guess is that valgrind is considering malloc(5) to allocate 5 bytes, when really it allocates 8 bytes at least (because of alignment). See the

Re: Using NSS to export PKCS#12 pfx files

2010-06-18 Thread Nelson B Bolyard
On 2010-06-15 14:17 PDT, John Scott wrote: I'm doing the following to create a signed Firefox plugin http://oyoy.eu/huh/firefox-extension-code-signed-with-spc-pvk/ However, I'm trying to automate the process, and the first step would be removing the need for pvkimprt. .NET code can export

Question for CA representatives about PKCS#10 CSRs you accept

2010-06-17 Thread Nelson B Bolyard
I have a question for CAs that accept PKCS#10 CSRs. Background: PKCS#10 certificate requests may contain an optional set of ATTRIBUTEs. One type of ATTRIBUTE, the only type mentioned in PKCS#10, is the PKCS#9 certificate Extension Request. But PKCS#10 suggests that other types could be defined,

Re: How pkcs#11 modules read the CONFIG_STRING from modutil -string command

2010-06-17 Thread Nelson B Bolyard
On 2010-06-17 13:45 PDT, Klaus Heinrich Kiwi wrote: If I'm coding a PKCS#11 module, how exactly does the -string parameter from modutil get passed down to the library? i.e., $ modutil -add mylib -libfile /lib/mylib.so -string my conf string I thought C_Initialize, OpenSession or even InitToken

System NSS DB Directory selection challenges

2010-06-14 Thread Nelson B Bolyard
In https://bugzilla.mozilla.org/show_bug.cgi?id=490238#c37 David Woodhouse asks how well-behaved applications, which may or may not be running on a system with System NSS, are supposed to determine the value of the directory name string they pass to NSS_Init. He observes that the value may differ

Re: (nss-3.12.6) unable to engage FIPS mode: security library: invalid arguments.

2010-06-13 Thread Nelson B Bolyard
On 2010/06/13 01:33 PDT, Robin H. Johnson wrote: LOOK at the links I provided, there are ZERO changes to the actual source code. Robin, The point is that the upstream NSS team simply doesn't have time or resources to look at every downstream distribution. There's no point in asking us to do

Re: (nss-3.12.6) unable to engage FIPS mode: security library: invalid arguments.

2010-06-13 Thread Nelson B Bolyard
On 2010-06-13 13:02 PDT, Robin H. Johnson wrote: On Sun, Jun 13, 2010 at 02:02:39AM -0700, Nelson B Bolyard wrote: The root of the problem is that the shared libraries can change POST-install, as needed for ELF signing, split-debug and prelinking. The ELF signing is a catch-22. Either I have

Re: (nss-3.12.6) unable to engage FIPS mode: security library: invalid arguments.

2010-06-13 Thread Nelson B Bolyard
On 2010-06-13 17:24 PDT, Robin H. Johnson wrote: On Sun, Jun 13, 2010 at 03:08:07PM -0700, Nelson B Bolyard wrote: On 2010-06-13 13:02 PDT, Robin H. Johnson wrote: As an intermediate related question, is there a standalone verification tool for the CHK files shlibsign -V -i seems

Re: (nss-3.12.6) unable to engage FIPS mode: security library: invalid arguments.

2010-06-13 Thread Nelson B Bolyard
On 2010-06-13 17:56 PDT, I wrote: Perhaps the easiest thing to do is rerun shlibsign and compare the old and new files. Please forget that I wrote that. That won't work. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: S/MIME interop issue with Outlook 2010 beta

2010-06-12 Thread Nelson B Bolyard
On 2010-06-12 00:50 PDT, Kaspar Brand wrote: Sigh. I just came across this: http://support.microsoft.com/kb/2142236 Non-Outlook email clients unable to decrypt email sent from Outlook 2010 which states under Cause: Outlook 2010 now more fully implements the Cryptographic Message

Re: (nss-3.12.6) unable to engage FIPS mode: security library: invalid arguments.

2010-06-12 Thread Nelson B Bolyard
On 2010-06-10 22:59 PDT, Robin H. Johnson wrote: On Thu, Jun 10, 2010 at 10:45:03PM +, Robin H. Johnson wrote: Testcase 2: (see attached minimal C code, based on posts to the list and used in the modutils source AND Mozilla). Bah, forgot the actual file. The testcase has been run on

Re: (nss-3.12.6) unable to engage FIPS mode: security library: invalid arguments.

2010-06-12 Thread Nelson B Bolyard
On 2010-06-12 12:49 PDT, Robin H. Johnson wrote: On Sat, Jun 12, 2010 at 12:15:07PM -0700, Matt McCutchen wrote: On Jun 12, 2:25 pm, Nelson B Bolyard nel...@bolyard.me wrote: On 2010-06-10 22:59 PDT, Robin H. Johnson wrote: The testcase has been run on Arch and Fedora now, and both of those

Re: Thunderbird problem with the search for certificates in the S-TRUST trust list service

2010-06-10 Thread Nelson B Bolyard
On 2010-06-10 07:49 PDT, Jean-Marc Desperrier wrote: Nelson B Bolyard wrote: Fame and Glory await.:-) Which means a mention in http://www.mozilla.org/credits/ or about:credits : We would like to thank our contributors, whose efforts make this software what it is. [...] Any

Re: S/MIME interop issue with Outlook 2010 beta

2010-06-10 Thread Nelson B Bolyard
On 2010-06-03 21:52 PDT, Kaspar Brand wrote: On 03.06.2010 22:57, PDF3 SecureEmail wrote: I suspect that NSS is not supporting sender key ID yet/properly. If you replace sender key ID by RecipientIdentifier, then that statement is true, yes. (Note, however that the MSFT moderator mixes up

Re: Generation of key pair and CSR

2010-06-07 Thread Nelson B Bolyard
On 2010-06-06 20:38 PDT, james07 wrote: I would like to create a plug-in for Firefox that, when invoked, generates a new key in the Firefox key/certificate store. Is it possible to generate a new keypair in using NSS from the plug-in, or do I need to somehow call crypto.generateCRMF() via

Re: Permanently store this exception selected by default

2010-06-06 Thread Nelson B Bolyard
On 2010-06-04 19:21 PDT, TEO Tse Chin wrote: I encountered an expired cert for an IMAP (STARTTLS) server from an ISP. While I've followed up with the ISP about the expired cert, there was something about Thunderbird's behavior that caught my attention. In the Add Security Exception dialog

Re: Permanently store this exception selected by default

2010-06-06 Thread Nelson B Bolyard
On 2010-06-06 11:22 PDT, aerow...@gmail.com wrote: File a bug. No, don't. It would be a duplicate. Find the bug already on file. It's probably already resolved WONTFIX.

Re: S/MIME interop issue with Outlook 2010 beta

2010-06-03 Thread Nelson B Bolyard
On 2010/06/03 13:57 PDT, PDF3 SecureEmail wrote: According to the link at http://social.technet.microsoft.com/Forums/en-US/officeappcompat/thread/3a19bbc7-9c6b-40ec-823d-16fd88e8de38 Outlook 2010 is OL2010 is using “sender key ID” instead of “issuer name and serial number” – as per an SMIME

Re: NSS - signing with MAC

2010-06-01 Thread Nelson B Bolyard
On 2010/06/01 07:04 PDT, Sebastian Mayer wrote: Solved - and this was again a FIPS issue. The AES_MAC is not in the list of support mechanism in the fips-related security policy. That's strange. I'm not sure if that's intentional or a bug. Bob, Glen, Do you know? Is there a reason for this

Re: Restricting SSL cert issuance within specified domain

2010-06-01 Thread Nelson B Bolyard
On 2010/06/01 11:38 PDT, Kathleen Wilson wrote: Is there support in NSS to restrict an intermediate CA to only be able to issue SSL certificates within a specified domain? Yes, the issuer of the intermediate CA cert can constrain the names that may appear in certificates issued by that
