Roumen, I think that application can call PK11_SetPasswordFunc() directly if needed.
Best, Aleksey On 1/2/16 9:34 AM, Roumen Petrov wrote: > Hello, > > I would like to continue discussion. > Aleksey please find my comments below. > > Lara Blatchford wrote: >> We are using mod_nss 1.0.8, this appears to indicate that the bug >> being described >> was addressed in mod_nss 1.0.3 >> >> Thanks, >> Lara >> >> -----Original Message----- >> From: Aleksey Sanin [mailto:[email protected]] >> Sent: Thursday, June 25, 2015 12:55 PM >> To: Lara Blatchford; [email protected] >> Subject: Re: [xmlsec] signature verification failures using NSS with FIPS >> >> >> https://www.google.com/search?q=nss+certificate+verification+fails+fips+mode&ie=UTF-8#q=nss+certificate++failed+fips+ >> >> >> The first link. > I don't think that result from internet queries could help . > > The main issue is that NSS module is in FIPS mode . > I'm not sure that pages like > "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/FIPS_Mode_-_an_explanation"; > could explain difference . > It seems to me when module is in FIPS mode user should authenticate to > it on each operation. In particular verify operation also requires user > to enter password. > > > xmlsec should use PK11_SetPasswordFunc to register password callback. > > It seems to me NSS test database is not protected by "master"-password > and so test operations pass in non-FIPS. > > > >> Aleksey >> > [SNIP] > > Regards > Roumen Petrov > > _______________________________________________ > xmlsec mailing list > [email protected] > http://www.aleksey.com/mailman/listinfo/xmlsec _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
