On 8/28/07, David Stutzman <[EMAIL PROTECTED]> wrote: > > I remember reading that JSS needed to be signed as it is a Java Security > Provider. Does the signature have to be from a "trusted" source or > "just signed". If the latter, we have no shortage of keys/certs here... > > So if I need to do what I think I need to do, do you recommend using a > particular version or just grabbing the current CVS?
You should grab the CVS tag for the JSS release you're using. Suppose you're using JSS x.y.x, then check out the source tree as follows: cvs co -r JSS_x_y_z_RTM mozilla/security/jss cvs co -r NSS_3_11_7_RTM mozilla/security/coreconf mozilla/security/nss mozilla/dbm mozilla/security/dbm cvs co -r NSPR_4_6_7_RTM mozilla/nsprpub cd mozilla/security/nss gmake nss_build_all BUILD_OPT=1 cd ../jss gmake BUILD_OPT=1 Then look for libjss4.so under a subdirectory under mozilla/dist and use that. JSS needs to be signed by keys that Sun issued certs for, so you can't use arbitrary keys/certs to sign JSS. But JSS signing is only necessary if you use the "Mozilla-JSS" JCE provider and only the jar file is signed. Since you will be modifying the C code, JSS signing is not an issue. Wan-Teh _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
