Re: Re: possible bug in NSS and pkcs11 with multiple certs

2006-11-08 Thread Martin Paljak
On 11/9/06, Bob Relyea <[EMAIL PROTECTED]> wrote: > However, FF ALWAYS uses the first certificate it finds from PKCS11. I > can switch the order around of the certs in my code and FF will > always select the first one even if the usage for SSL is not there, > even if I didn't select it when prom

Re: possible bug in NSS and pkcs11 with multiple certs

2006-11-08 Thread Bob Relyea
Christian Bongiorno wrote: I am currently writing a PKCS11 module for a new card that is required by policy to have 3 certs for 3 different uses (I have no idea why). There is 1 for client authentication, 1 for signing emails, and 1 for encryption. When I go to use firefox for client authentica

Re: Prepare SECItem for DER_Encode()

2006-11-08 Thread Bob Relyea
Wei Shao wrote: Hi, if I need to populate an OCTET_STRING for DER encoding, how shall I prepare the SECItem structure? I need to call this method, SECStatus DER_Encode(PRArenaPool *arena, SECItem *dest, DERTemplate *dtemplate, void *src) where src is a pointer to SECItem structure. How shall

Re: certutil -V (verify) failure and self-signed CA cert

2006-11-08 Thread Bob Relyea
Wei Shao wrote: Hi, I used a self-signed CA to sign another user certificate. Then I run certutil -V for verification of the signed cert. I get this error, "certificate is invalid: Peer's certificate has been marked as not trusted by the user." how did you import the certs? (what does the tr

certutil -e option does not work

2006-11-08 Thread Wei Shao
From the documentation, certutil with -e option will check a certificate's signature during the cert validation. But it is not working. I have a cert with corrupted signature but the validation passed. Wei

Extension project: poppwd over SSL

2006-11-08 Thread Ogogon !!!
A simple mechanism allowing the client to change the password for the account independently and safely is a problem for many admins. I have run the poppwd daemon over SSL. (Otherwise it is not clear what madman would transfer the password over an open connection.) The poppwd protocol is r

certutil -V (verify) failure and self-signed CA cert

2006-11-08 Thread Wei Shao
Hi, I used a self-signed CA to sign another user certificate. Then I run certutil -V for verification of the signed cert. I get this error, "certificate is invalid: Peer's certificate has been marked as not trusted by the user." This may be by design. But is there any way to let me pass without

Re: SEC_ASN1Template and OPTIONAL/ANY

2006-11-08 Thread Wei Shao
Thanks for the detailed info! Weidong Nelson B wrote: > Wei Shao wrote: > > > can someone explain how the ASN1 template works in general, > > http://www.google.com/search?hl=en&q=asn.1+template+site%3Amozilla.org > will show you the available documentation on NSS's ASN.1 templates. > See especiall