Hi Matthias
As stated in [1] you should use nssModule=trustanchors
I have tried:
String config = "name = NSS\r\n nssLibraryDirectory = "+ tmpDirName
+ "\r\n nssSecmodDirectory = " + profile.replace("\\", "/") + "\r\n
nssDbMode = readOnly\r\n nssModule = trustanchors\r\n attributes =
compatibility\r\n";
Or even (as suggested in [2]):
String config = "name = NSS\r\n library = " + tmpDirName +
"nssckbi.dll\r\n slotListIndex = 0\r\n enabledMechanisms = { KeyStore }\r\n
nssUseSecmodTrust = true\r\n";
Both with same result: "Symbol not found: NSS_VersionCheck"
Probably Im misisng something (or a library/dependency/something
else)...but, IIUC, Java's SunPkcs11 is invoking NSS_VersionCheck which I'm
not able to find on any bundled library.
Dont know if any of the guru's could give some light on this issue. Added
as CC.
If its definetively a bug and you are interested in investigating and maybe
fixing, I suggest you to:
- Ticket a bugzilla (regression [3] ?) about backward compatibility with
Java to mess with NSS. I don't expect any success. (if you open it, please,
tell us!)
- Ticket Oracle to correct the function invocation. I don't expect any
success. (If you open a ticket, tell us!)
- Have a look on JSS code and check how's done
- Look for alternatives, such as JSS and certutil...
[1]
http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html#NSS
[2] http://www.docjar.com/html/api/sun/security/pkcs11/Secmod.java.html
[3]
https://hg.mozilla.org/projects/nss/file/fc06a531ea57/security/nss/lib/nss/nss.rc
Cya
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
