Hi Glen,
Thanks for the response. I haven't had time to run the tests you suggested but hopefully this week I will be able to.
> hi David,
>
> For JSS with SSLServerSocket if you want to do a reconnect because your
> original cert you configured has expired and is now INVALID you would have
> to re-call setServerCert or setServerCertNickname first and configure the
> new cert.
> For the JSS SSLSocket client connection you have the same methods.
> http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/ssl/SSLSocket.html
> http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/ssl/SSLServerSocket.html
> If this is a JSS issue you should be able to recreate the issue by
> modifying this JSS test program
> http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/SSLClientAuth.java
>
> Please modify the test program to create a reproducible test case with
> the latest JSS, then attach it to a bug.
> Please list your exact version of NSPR/NSS/JSS/platform you're using.
>
> If your JSS stand alone test program works, then you should be able to
> use the cert creation from SSLClientAuth.java to add the Java LDAP SDK
> and reproduce the bug. Then make a bug on the Java LDAP SDK team.
>
> I don't know how much development is being done on the Java LDAP SDK,
> but you're able to download the source, build/debug/provide fix. Both JSS
> and the Java LDAP SDK are open source owned by the Mozilla Foundation and
> they welcome contributions.
> http://www.mozilla.org/directory/javasdk.html
>
> Note: in your C++ application if you're able to call NSS_Shutdown and
> re-initialize NSS, you could do the same with JSS. Some code to help:
> http://mxr.mozilla.org/security/source/security/jss/org/mozilla/jss/tests/CloseDBs.java
> But you shouldn't need to shut down NSS and re-initialize; this is really
> frowned upon.
> Your application may be 24X7 but this re-initialization of NSS is
> basically a restart of your application.
>
> Again once you installed your new certificates and your old certificates
> have INVALID_CREDENTIALS, provided your code doesn't keep trying to use
> the same handle to the old certificates and instead before attempting to
> reconnect it obtains new handles to the new valid certificates then tries
> a new connection, everything should work fine.
> Please create a reproducible test case. I expect in the process of doing
> so you should fix this issue, if not when you have a reproducible JSS test
> case I will see what I can do. If the issue is with the Java LDAP SDK then
> likely a fix would be needed to the reconnect method.
> -glen
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
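
An added illustration of the advice quoted above (not code from this thread, from JSS, or from the Java LDAP SDK): before each reconnect, look the certificate up again in the NSS database and configure a brand-new socket with it, rather than reusing anything from the failed connection. The class name, method names and the list of candidate nicknames are hypothetical, and the sketch assumes CryptoManager.initialize() was already called at application startup.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.util.Date;

import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.ssl.SSLSocket;

/** Hypothetical helper: re-resolve the client certificate on every reconnect. */
public class ReconnectWithFreshCert {

    /** Returns the first candidate nickname that currently resolves to an unexpired cert. */
    static String pickValidNickname(CryptoManager cm, String[] candidates) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Date now = new Date();
        for (String nick : candidates) {
            // Fresh lookup in the NSS database; no cached handle is consulted.
            org.mozilla.jss.crypto.X509Certificate[] certs = cm.findCertsByNickname(nick);
            for (org.mozilla.jss.crypto.X509Certificate c : certs) {
                // Re-parse the DER so validity is checked with the standard Java API.
                java.security.cert.X509Certificate x = (java.security.cert.X509Certificate)
                        cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
                if (!now.before(x.getNotBefore()) && !now.after(x.getNotAfter())) {
                    return nick;
                }
            }
        }
        throw new IllegalStateException("no unexpired certificate for any candidate nickname");
    }

    /** Opens a new connection; nothing from the previous socket is reused. */
    static SSLSocket reconnect(String host, int port, String[] candidates) throws Exception {
        CryptoManager cm = CryptoManager.getInstance();
        String nick = pickValidNickname(cm, candidates);
        SSLSocket sock = new SSLSocket(host, port);
        sock.setClientCertNickname(nick); // configure before the handshake starts
        sock.forceHandshake();            // surface certificate errors here, not on first I/O
        return sock;
    }
}
```

On the server side the same lookup would precede the setServerCertNickname call on a new SSLServerSocket.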