On 2010/05/05 05:42 PDT, David Stutzman wrote:
> I'm guessing my previous submission was eaten by the terrible list
> monster due to having an attachment...

Hmm. I think it would have gone into the "moderation queue", where I would have seen it, and I haven't seen anything from you there.

> So I tried again tweaking the process slightly and now I can both
> generate an EC key and make an SSL connection using vfyserv. Then I
> moved on to attempting to use the new NSS libraries in our application
> via JSS and I got another SSL error:
> org.mozilla.jss.ssl.SSLSocketException: SSL_ForceHandshake failed:
> (-8157) Certificate extension not found. :(

That error code means that NSS found something wrong, but failed to set the proper error code for the problem it found, leaving the error code set to a previous internal value that is irrelevant to the problem that led to the exception. :( :(

No SSL function should ever return with that particular error code set. Whenever an SSL function does return that error code, it's a bug in NSS. I've tried to eliminate all of those over the years, but apparently at least one still exists.

What can you do to investigate? Maybe use a source-level debugger? Maybe capture the SSL connection with SSLTAP? Maybe use Wireshark to see if any OCSP fetch occurred or any CRL fetch occurred?

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
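
The stale-error-code pattern described in the reply above, as an added toy model in C. It is not NSS source and not part of the original message: every function name and the -1 code are hypothetical, and only the value -8157 comes from the post.

```c
#include <stdio.h>

/* Toy model of a "last error" slot; not NSS code. */
#define ERR_EXTENSION_NOT_FOUND (-8157) /* value quoted in the post */
#define ERR_HANDSHAKE_REJECTED  (-1)    /* constructed placeholder code */

static int last_error;                  /* stands in for a per-thread error slot */

static void set_error(int e) { last_error = e; }
static int  get_error(void)  { return last_error; }

/* Optional-extension lookup: a miss is normal, yet it records an error. */
static int find_optional_extension(int cert_has_ext) {
    if (!cert_has_ext) { set_error(ERR_EXTENSION_NOT_FOUND); return -1; }
    return 0;
}

/* Buggy path: fails when peer_ok == 0 without recording why. */
static int handshake_buggy(int cert_has_ext, int peer_ok) {
    (void)find_optional_extension(cert_has_ext); /* miss is tolerated */
    if (!peer_ok) return -1;                     /* BUG: no set_error() here */
    return 0;
}

/* Fixed path: every failure return sets its own code first. */
static int handshake_fixed(int cert_has_ext, int peer_ok) {
    (void)find_optional_extension(cert_has_ext);
    if (!peer_ok) { set_error(ERR_HANDSHAKE_REJECTED); return -1; }
    return 0;
}

/* The code a caller would report: 0 on success, else the error slot. */
static int reported_error(int (*hs)(int, int), int cert_has_ext, int peer_ok) {
    set_error(0);
    return hs(cert_has_ext, peer_ok) == 0 ? 0 : get_error();
}

int main(void) {
    /* Certificate lacks the optional extension and the peer is rejected. */
    printf("buggy reports %d\n", reported_error(handshake_buggy, 0, 0));
    printf("fixed reports %d\n", reported_error(handshake_fixed, 0, 0));
    return 0;
}
```

In the buggy path the caller sees the leftover "extension not found" code from the tolerated lookup, which says nothing about why the handshake actually failed.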