Hi, I use a Smartcard with a X.509 certificate (Siemens CardOS). This certificate works with Thunderbird 2.0.0.19 on Microsoft Windows XP SP3. If I use the same smartcard with Linux and Thunderbird 2.0.0.19 (more exactly icedove from Debian unstable) then I can configure all the necessary stuff (e.g. assign the cert to the mail account) but I cannot use the cert to sign or encrypt a mail.
The error message is that the certificate must be valid and trusted. Both is correctly configured. I analysed the situation and discovered that the purpose of the cert on Windows is "Client, sign, encrypt" but the purpose on Linux is "<unknown>". I checked the cert with OpenSSL and noticed that the certificate does not include the usual nsCertType extensions. So my question is, is there a difference between the crypto libraries used by the Mozilla Windows and Linux versions regarding the certificate extensions? FYI the internal PKCS#11 module of Thunderbird displays the following HW versions for the Generic Crypto Services: Linux 3.12 and 4.0 Windows: 3.11 and 8.3 Best regards Michael _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
