Do you have in Intel Mac, and build NSS for it? If so, you could help us determine whether NSS code is the cause (or not) of a problem reported by an Intel-Mac FireFox/ThunderBird user. That would be a real help right now.
You'll need an Intel Mac, and a build of NSS 3.11.x (x >= 4) including the NSS test tools, such as pp, certutil, etc. You'll also need NSPR shared libraries. You could get the NSS and NSPR shared libraries from a recent FireFox or Thunderbird release, but you'll probably have to build the NSS test tools yourself. The test is to print out a certificate and "verify" the certificate, using NSS tools, and post the results. The cert can be downloaded from https://bugzilla.mozilla.org/attachment.cgi?id=282788 It's a plain ASCII text file, containing a PEM-encoded certificate. Let's say you download it into a file named /tmp/ECARootCA.pem (I don't know if Mac users use /tmp. If not, then please choose some other suitable temporary/junk directory.) Then run commands similar to these: pp -t certificate -a -i /tmp/ECARootCA.pem > /tmp/testoutput.txt mkdir /tmp/DB echo test > /tmp/DB/pw # if the following command has problems, try without the "-z /dev/urandom" certutil -d /tmp/DB -N -z /dev/urandom -f /tmp/DB/pw # note: the following uses NSS's atob command grep -v .--- /tmp/ECARootCA.pem | atob -o /tmp/ECARootCA.der vfychain -d /tmp/DB -u 11 -v /tmp/ECARootCA.der >> /tmp/testoutput.txt 2>&1 vfychain -d /tmp/DB -u 10 -v /tmp/ECARootCA.der >> /tmp/testoutput.txt 2>&1 vfychain -d /tmp/DB -u 1 -v /tmp/ECARootCA.der >> /tmp/testoutput.txt 2>&1 and email the /tmp/testoutput.txt to me (after removing all the NO and SPAM from my email address), or post it to the list. Thanks! /Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
