Hi David,Modutil explicitly loads the PKCS #11 module into it's address space before it loads it into the database. If you are running a 32-bit version, then you may have problems loading a 64-bit pkcs11 module. In addition you'll want to be careful which applications open the dbdir. A 32-bit app won't be able to load your 64-bit pkcs11 module.
Modutil has a 'raw' interface which does not load the module. If you need to load a 64-bit pkcs11 module with a 32-bit one, you can use the -rawadd command. It takes a single string of the format specified in
http://developer.mozilla.org/en/docs/PKCS11_Module_Specs bob David Stutzman wrote:
I'm using RHEL4 64bit, freshly updated. I've installed an nCipher PCI HSM using their 64bit support software and configured it properly, at least I think so. I did 2 similar machines and used the other one for an OCSP server and that software integrated ok with the HSM. I just installed Red Hat CS 32-bit. Before I set up any CA instances I'm attempting to add the HSM's pkcs11 module using modutil, as I've done in the past, using the command:# modutil -add nShield-500 -libfile /opt/nfast/toolkits/pkcs11/libcknfast.so -dbdir . -nocertdbI get:ERROR: Failed to add module "nShield-500". Probable cause : "/opt/nfast/toolkits/pkcs11/libcknfast.so: cannot open shared object file: No such file or directory".I'm executing the command as root. Here's some info on the file which is present and *should* be readable by root.# ls -l /opt/nfast/toolkits/pkcs11/libcknfast.so-rwxr-xr-x 1 root root 10656282 Sep 11 2006 /opt/nfast/toolkits/pkcs11/libcknfast.so# file /opt/nfast/toolkits/pkcs11/libcknfast.so/opt/nfast/toolkits/pkcs11/libcknfast.so: ELF 64-bit LSB shared object, AMD x86-64, version 1 (SYSV), not strippedThe modutil appears to be linking to a 3.9.3 version of NSS that is distributed with the Red Hat CS software.Is this some strange 32/64-bit mixing problem or am I overlooking something stupid here?Thanks, Dave _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
