Wan-Teh Chang wrote, On 2008-09-24 11:24:
> On Tue, Sep 23, 2008 at 11:35 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
>> David B Hinz wrote:
>>> In the Java code the JSS (or libjss.so) code is apparently holding on to
>>> the certificates when it first reads them. When the certs are changed
>>> in the /home/user/.ldapcerts/key3.db and /home/user/.ldapcerts/cert7.db
>>> they are not re-read so the user cannot be re-authenticated.
>> cert7 ?? Is that a typo?
>>
>> Any version of NSS/JSS that uses cert7 is at least 10 years old.
>> NSS hasn't used cert7 for over 10 years.
>
> cert7.db isn't that old. The switchover to cert8.db occurred in NSS 3.7,
> which was released in December 2002:
> http://www-archive.mozilla.org/projects/security/pki/nss/nss-3.7/nss-3.7-release-notes.html
>
> But it's still very old.

Thanks, Wan-Teh. You're right. My memory failed me.

So, David Hinz is probably using something derived from NSS 3.3 or 3.2, which Sun kept alive until it switched to NSS 3.9.something in 2004, IIRC. Since that old stuff is no longer being maintained (EOL), switching to code based on current versions of NSS will be a necessary step.

I still wonder what LDAP JDK he's using, since it definitely does not appear to match the capabilities of the code in Mozilla's repository.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto