Martin Paljak wrote: > When using a token (Estonian eID card) via OpenSC PKCS#11 module with > FF 1.5 / TB 1.5 it selects a wrong certificate automatically - if you > don't select 'ask every time' for certificate selection then the > nonrepudiation slot is used instead of the authentication slot. This > was not the case with 1.0.x
My guess is that this comes from https://bugzilla.mozilla.org/show_bug.cgi?id=240456 committed as revision 1.70 in security/nss/certdb/certdb.c Can you try reverting that change, and see whether this improves things? Also, can you please explain why the non-repudiation certificate is wrong? Non-repudation is a (even stronger) form of authentication. Regards, Martin _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
