On 11.02.2006, at 13:28, Martin v. Löwis wrote:
> Can you try reverting that change, and see whether this improves
> things?

Yes. This helps:
--- certdb.c~   2006-02-12 09:21:58.000000000 +0100
+++ certdb.c    2006-02-12 09:21:58.000000000 +0100
@@ -1265,8 +1265,6 @@
     }
     certKeyUsage = cert->keyUsage;
-    if (certKeyUsage & KU_NON_REPUDIATION)
-        certKeyUsage |= KU_DIGITAL_SIGNATURE;
     if ( (certKeyUsage & requiredUsage) == requiredUsage )
        return SECSuccess;
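
Review bot: Dropping the two lines after "certKeyUsage = cert->keyUsage;" changes the outcome of the "(certKeyUsage & requiredUsage) == requiredUsage" comparison for every caller that reaches it, not only for SSL client certificate selection. After this change, any requiredUsage containing KU_DIGITAL_SIGNATURE is rejected for a certificate that carries only KU_NON_REPUDIATION. If that is the intended behaviour everywhere, a short comment above the comparison saying that non-repudiation is deliberately not treated as digital signature would stop the mapping from being reintroduced later. If some usage still needs to accept non-repudiation-only certificates, keep the mapping but make it conditional on the requested usage instead of removing it outright. The patch should also say which callers were checked.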


And my certificates list will look like this:
http://martin.paljak.pri.ee/download/mozilla-nonrep/patch.png

And the right slot is chosen with automatic certificate selection.

As the nonrep-only certificate does NOT have an SSL client certificate usage bit, it must not be chosen automatically for SSL client authentication.

cheers,
m.
--
Martin Paljak



_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
