Third, you may need to hook the client_auth_callback as John describes
below. If your server sends the list of trusted CA's in it's client
auth request, then the default client_auth_callback should be able to
find the cert on your smartcard without requiring the use of any
special hooks, but if there isn't enough information, then a
client_auth_callback hook would be needed.
So I was wrong, there is not default client_auth_callback, so this third
step is required as well. The default is that NSS does not send the
client auth message. (Thanks John for pointing this out).
bob
Did you set the socket client auth callback to supply the client cert?
See SSLSocket.set_client_auth_data_callback()
There is an example of it's usage in doc/examples/ssl_example.py
John
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
