On Fri, Nov 14, 2008 at 9:54 PM, Hans Petter Jansson <[EMAIL PROTECTED]> wrote:
>
> /* Step 3: Authenticate to the token */
>
> rv = PK11_Authenticate (slot, PR_FALSE, &pwdata);
> if (rv != SECSuccess)
> {
> fprintf (stderr, "*** Auth call failed: %u.\n", PORT_GetError ());
> return rv;
> }
> }
>
> This works for some databases, but not others. It doesn't seem to matter
> which application created the database (I've tried with databases from
> Firefox and Evolution) - e.g. one user's database may fail while another
> user's database may migrate properly. When it fails, it's always on the
> first PK11_Authenticate () call (step 3). The code above produces the
> following output:
>
> *** Auth call failed: 4294959104.
>
> That is, 0xffffe000. If I set up an auth callback, it never gets called.
> Do you have any suggestions as to what I'm doing wrong here?
Bob Relyea is the best person to answer your question. I just
wanted to suggest a change to your code. PORT_GetError()
returns 'int', so you should print it with the %d format.
The error code you get is -8192, which is SEC_ERROR_IO:
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html
The fact that PK11_Authenticate failed, the error code is
SEC_ERROR_IO, and your auth callback never gets called implies
that the PK11_NeedUserInit call in PK11_DoPassword failed:
http://mxr.mozilla.org/security/source/security/nss/lib/pk11wrap/pk11auth.c#553
553 if (PK11_NeedUserInit(slot)) {
554 PORT_SetError(SEC_ERROR_IO);
555 return SECFailure;
556 }
This is all I can fine out...
Bob, SEC_ERROR_IO seems like a strange error code for reporting
that PK11_NeedUserInit(slot) failed.
Wan-Teh
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
