Re: Using libnss with client certificates via pkcs11

2013-06-21 Thread Robert Relyea
Third, you may need to hook the client_auth_callback as John describes below. If your server sends the list of trusted CA's in it's client auth request, then the default client_auth_callback should be able to find the cert on your smartcard without requiring the use of any special hooks, bu

Re: Using libnss with client certificates via pkcs11

2013-06-21 Thread Robert Relyea
On 06/21/2013 08:13 AM, John Dennis wrote: On 06/20/2013 01:20 PM, Johan Dahlin wrote: [Sorry if this appears twice, the first copy got stuck in the moderation queue] I'm investigating the use of smart card readers for my application[1], which is also free software. As part of the brazilian el

Re: Using libnss with client certificates via pkcs11

2013-06-21 Thread Johan Dahlin
I've been setting that as well, if I pass in a nickname nss says that the database is corrupted, so I'm passing in an empty string. I managed to get the password callback called as well, so there's some interaction with the pkcs11 device. Still seeing a 403 though. I've been trying to figure out

Re: moznss error -8172

2013-06-21 Thread Robert Relyea
ldap_start_tls: Connect error (-11) additional info: TLS error -8172:Peer's certificate issuer has been marked as not trusted by the user. This means that the given cert wasn't signed by any trusted certificate. [[Rod's comment]] Can I sign it by using the CA I downloaded from Geot

Re: moznss error -8172

2013-06-21 Thread Rich Megginson
On 06/21/2013 07:48 AM, Rodney Simioni wrote: Comments below. -Original Message- From: dev-tech-crypto-bounces+rodney.simioni=verio@lists.mozilla.org [mailto:dev-tech-crypto-bounces+rodney.simioni=verio.net@lists.mozilla.o rg] On Behalf Of Robert Relyea Sent: Thursday, June 20, 2013

Re: Using libnss with client certificates via pkcs11

2013-06-21 Thread John Dennis
On 06/20/2013 01:20 PM, Johan Dahlin wrote: > [Sorry if this appears twice, the first copy got stuck in the moderation > queue] > > I'm investigating the use of smart card readers for my application[1], > which is also free software. > > As part of the brazilian eletronic legislation I need to b

RE: moznss error -8172

2013-06-21 Thread Rodney Simioni
Comments below. -Original Message- From: dev-tech-crypto-bounces+rodney.simioni=verio@lists.mozilla.org [mailto:dev-tech-crypto-bounces+rodney.simioni=verio.net@lists.mozilla.o rg] On Behalf Of Robert Relyea Sent: Thursday, June 20, 2013 7:16 PM To: dev-tech-crypto@lists.mozilla.org; E