Eddy Nigg wrote, On 2009-01-21 07:49 PST:
> On 01/21/2009 03:41 PM, Nelson Bolyard:
>> Eddy Nigg wrote, On 2009-01-21 05:16:

>>> If the CA certificates are on the card, there are some odd behaviors.
>>
>> Oh?  Please tell us more.
> 
> Ah yes, maybe I should...it's in my nature to work around such problems 
> too many times. Basically if the CA certificates are imported into the 
> card, then those CAs take preference by NSS (for whatever reason). 
> Meaning, the builtin CA root isn't visible in the cert manager, but the 
> one from the smart card is. Unfortunately, the trust bit sets only "web 
> sites" to true. Editing the trust bits helps for the session, but it's 
> obviously gone after restart. That's correct with Athena card reader and 
> Aladdin eToken Pro Smart Card using Aladdin's middleware and driver.

NSS is designed to keep trust bits in the cert DB for certs in all tokens.
You should be able to set any of the trust flags on any cert that NSS can
see, and they should be able to persist (be stored in the DB).  Whether
trust persists or not depends on whether the application asks NSS to make
it persist.

Also, IIRC & IINM, when you set a trust flag on a cert, it affects all
copies of that cert, regardless of the token that the cert is in.

So, it sounds like the behavior you've observed is a bug somewhere.
I think you should file a bug with steps to reproduce using (say) an
eToken.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto