2009/11/19 Kai Chan <nahc...@gmail.com>: > Hi, > > I'm using NSS 3.12.4 with NSPR 4.8 release. I want to generate keys and > certs with the basic supported ECC curves (nistp256, nistp384, nistp521) > included when NSS is compiled with the "NSS_ENABLE_ECC" flag. However, when > I try using certutil to generate certificates using the basic NIST curves, I > keep receiving the "security library failure" error. Is there something in > NSS that has to be patched or a step during configuration that I missed? > Could someone please verify the steps performed below are correct: > > tar -xvf nss-3.12.4-with-nspr-4.8.tar. > gz > NSS_ENABLE_ECC=1; export NSS_ENABLE_ECC > cd nss-3.12.4-with-nspr-4.8/mozilla/security/nss > make nss_build_all > alias > certutil='home/user/Download/nss-3.12.4-with-nspr-4.8/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin/certutil'
You also need to set LD_LIBRARY_PATH, otherwise your certutil command will be using the system NSS shared libraries, which may not have ECC support compiled in. LD_LIBRARY_PATH=home/user/Download/nss-3.12.4-with-nspr-4.8/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/lib export LD_LIBRARY_PATH You can run the ldd command to verify your certutil command is using the NSS shared libraries you built, rather than the system NSS libraries in /usr/lib or /usr/lib32: ldd home/user/Download/nss-3.12.4-with-nspr-4.8/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin/certutil Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
