>>> Odd that crypto.signtext should check for an email cert when it is not
>>> performing email signing or encryption.
> 
>> nsCrypto::SignText explicitly does a
>> CERT_FindUserCertsByUsage(certUsageEmailSigner); is there a better usage
>> bit to use?

>There's no better usage bit to use, I know this the hard way :-)

Although I have not studied the code, the name appears to be in conflict with
websigning since such certificates usually have nothing to do with e-mail.

The appropriate selection should only check for NR, or have I missed something
obvious?
Maybe it could be extended to support the DS in the case there is no NR cert
with the same "ID"?  This comparison is a bit ugly but may be needed for PIV.

Anders Rundgren

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
