I've been setting that as well; if I pass in a nickname, NSS says that
the database is corrupted, so I'm passing in an empty string.

I managed to get the password callback called as well, so there's some
interaction with the pkcs11 device.

Still seeing a 403 though.

I've been trying to figure out what I do differently from Firefox but no
real luck yet.

Thanks anyway, I'll continue to try to figure out what might be wrong/different.


On Fri, Jun 21, 2013 at 12:13 PM, John Dennis <jden...@redhat.com> wrote:
> On 06/20/2013 01:20 PM, Johan Dahlin wrote:
>> [Sorry if this appears twice, the first copy got stuck in the moderation 
>> queue]
>>
>> I'm investigating the use of smart card readers for my application[1],
>> which is also free software.
>>
>> As part of the Brazilian electronic legislation I need to be able to
>> connect to a https server[2] and do a couple of SOAP calls.
>>
>> It works just fine in Firefox 21, when I:
>>
>> * Go to the site
>> * Add a certificate exception via the "I accept the risk" dialog
>> * Enter the PIN for the smart card reader via a popup dialog
>> * Access the site normally
>>
>> When I tried adapting httplib_example.py in python-nss I ran into
>> two problems:
>>
>> it has an unknown issuer which I can work around by implementing a
>> SSL_AuthCertificateHook.
>>
>> The second problem however is that I need a way to use the client
>> certificate from the smart card reader, including asking the user
>> to enter a pin code.
>>
>> How can I access a site requiring a client certificate stored on a
>> pkcs11 compatible smart card reader via libnss/python-nss?
>
> Did you set the socket client auth callback to supply the client cert?
>
> See SSLSocket.set_client_auth_data_callback()
>
> There is an example of its usage in doc/examples/ssl_example.py
>
> John
>
>



-- 
Johan Dahlin
Async Serviços de Informatica Ltda.
Sócio / Diretor
+ 55 16 3376 0125
+ 55 16 9112 6219
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto