Building NSS 3.11.1 as static libraries on Windows?
At least when browsing: http://www.mozilla.org/projects/security/pki/nss/intro.html It looks like it should be possible to use the static libraries built on windows by linking against nss.lib, ssl.lib, and libnspr4_s.lib. However, this does not appear to be working properly -- when linking I am getting a whole lot of unresolved symbol messages. (I am using NSS in an external application...) I guess the basic question is, does NSS actually support building and using static libraries? Is there any voodoo necessary to get it to work? Thanks -jim spring ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Building NSS 3.11.1 as static libraries on Windows?
Anyang Ren wrote: Also note that starting in NSS 3.11, even the command line tools that link with NSS static libraries need freebl3.dll at run time, because the static lib freebl.lib simply loads the appropriate freebl shared libary for the processor and calls the same-named function in the freebl shared library. It's a lot of work now to truly link with only NSS static libs. AYR Anyand, Nelson Thanks for the pointers. I was hoping to get around some windows build ugliness, but the guy doing the bulk of the windows stuff helped figure out some stuff where dynamic linking is working alright now. I usually try and keep myself confined to the sane world of Linux/Unix. I'll take a look at the USE_STATIC_LIBS items. In case the issue should arise in the future. -jim ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Proper method for iterating through certificates on a token?
So, I've got some code that works, but I know it is not quite the right way to do it, so any pointers would be helpful. Basic scenario is this: Given the name of a known module, say, "foo" I want to enumerate over each slot in only that module to find the cert that I need. This is for SSL client auth. And the reason for specifying a specific module is so that other modules present in the config are ignored. So, I've started off with sampel code in the SSLSample application in NSS and modified from there (IE, setting up my own SSL Get Client AuthData callback). The basic logic in the code is: 1. Find module from known name using SECMOD_FindModle 2. Iterate over the slots in the module specifically using the "slots" and "slotCount" entries within the SECMODModule data structure. 3. For each slot: 3a. I check if it is present, and if it is make sure it is logged in to. 3b. Call PK11_ListCertsInSlot to get the list of certs in the slot. I then iterate over them until one matches the required criteria. 4. If a certificate that matches the criteria is found, retrieve the private key using PK11_FindKeyByAnyCert. 5. At this point, if a cert was found, I have both a reference to the certificate and a reference to the private key. However, upon freeing the list acquired in step (3b) using CERT_DestroyCertList my reference to the certificate found also becomes invalid. The question is, what is the best way, given the scenario, to keep a valid reference to the certificate? I can easily call PK11_GetCertFromPrivateKey, but that seems silly. Thoughts? If there is a better way to approach the scenario in general, I am all ears. It's been awhile since I've gotten my hands in this deep. Thanks, -jim spring ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Thunderbird SMIME/LDAP support
I am seeing mixed messages when I search google on this one. I haven't had a chance to delve into the code yet. But, is Thunderbird capable of retrieving SMIME certificates from an LDAP repository? If so, are there any decent how-tos on this? I suspect, if it does work, it is a matter of getting Thunderbird set up with SMIME and looking for a userCertificate item in an LDAP entry for a given person. Thoughts / pointers? I'm just trying to do some homework before diving in and trying it. Thanks -jim ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
