Nelson, Thanks a lot for your helps. Now I have found and fixed my problem. It comes from a CKA_VALUE checking, not from the CKA_ID checking.
Nelson B wrote: > ben wrote: > > > In my case both the attributes CKA_ID and CKA_LABEL are set to a same > > unique name regardless whether the cert subject name is unique or not. > > For the corresponding private key the CKA_ID and CKA_LABEL attributes > > are also set to the same value as that of CKA_ID and CKA_LABEL > > attributes of its cert's. > > > Can CKA_ID and CKA_LABEL be set to the same value or not? > > Yes, they are separate spaces, so I think it doesn't matter if their > values match each other, or not, as long as each is unique within > its own space. > > > From my log file I cannot see a reason of why the browser didn't pick > > up the selected private key. > > Some questions: > > a) When you see the dialog for choosing a certificate, do the names of > the certs that appear in that dialog bear the strings from your CKA_LABEL > attributes? > > Do the names in that list start with the name of your token or slot? > e.g. token name: cert label ? > > b) how many certs from your module appear in that list? > > c) Does the browser then ask for the wrong key, > e.g. a key for a different cert in your token? > or does it fail to ask for any key from your module? > > d) You're doing SSL client authentication. What does the server see? > - no client auth at all? > - client auth with the wrong cert? > - client auth with the right cert but a bad signature? > > -- > Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
