Wan-Teh Chang wrote:
> Rob Crittenden wrote:
> > A fair bit of work has been done to mod_nss, an SSL module for Apache
> > that uses NSS instead of OpenSSL, since it was released last September.
> > Changes since then include use of the NSS OCSP client, addition of a FIPS
> > mode (similar to modutil -fips true -dbdir /path/to/database), options
> > to seed the NSS Random Number Generator, support for Apache 2.2 as
> > well as a number of important bug fixes.
>
> We recently fixed a bug in our selfserv test program
> where it can't find its private key when NSS is in FIPS
> mode. The function that had the bug is PK11_FindKeyByAnyCert.
> (See https://bugzilla.mozilla.org/show_bug.cgi?id=337789.)
> Is mod_nss not using PK11_FindKeyByAnyCert?

It's possible that mod_nss didn't run into the above bug if it logged in
to the token before looking for the server private key.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto