Re: NSS 3.45 building hang on windows

2019-08-31 Thread John Jiang
On Sat, Aug 31, 2019 at 12:40 AM JC Jones wrote: > On Thursday, August 29, 2019 at 7:31:46 PM UTC-7, John Jiang wrote: > > Hi, > > When I build NSS 3.45 on windows 2016 with VS2017, it hung at "cd freebl; > > make export". > > > > The fol

NSS 3.45 building hang on windows

2019-08-29 Thread John Jiang
Hi, When I build NSS 3.45 on windows 2016 with VS2017, it hung at "cd freebl; make export". The followings are the last outputs in the console, ... ... make[1]: Entering directory `/path/to/nss-3.45/nss/lib' cd util; make export make[2]: Entering directory `/path/to/nss-3.45/nss/lib/util' Creating

Re: Failed building NSS 3.44 on MacOSX

2019-06-26 Thread John Jiang
but the fix > > in > > > https://hg.mozilla.org/projects/nss/rev/ad2a42aed57a01cfc1d8b14fad8c782f52e17093 > > doesn't work here if these arguments are at the end of the string. Maybe > > it is because the version of make we now have on mac quotes the arguments >

Re: Failed building NSS 3.44 on MacOSX

2019-06-25 Thread John Jiang
J': configure:3577: error: C compiler cannot create executables See `config.log' for more details == I also checked the config.log for NSS 3.43, it looks cc doesn't use option "x86_64". Thanks! > > On Sun, Jun 23, 2019 at 6:27 PM John

Failed building NSS 3.44 on MacOSX

2019-06-23 Thread John Jiang
Hi, I tried to build NSS 3.44 on MacOSX 10.13.6 (Darwin Kernel Version 17.7.0). Just run "make nss_build_all" in directory nss-3.44/nss, and got the below errors, mkdir -p ./../nspr/Darwin17.7.0_cc_64_OPT.OBJ cd ./../nspr/Darwin17.7.0_cc_64_OPT.OBJ ; \ CC="cc x86_64" CXX="g++ x86_64" sh ../configur

Re: Debug info on NSS tools

2019-01-06 Thread John Jiang
make nss_build_all` to build NSS. Does that mean my build should already be a debug build? Thanks! > > On Sat, 5 Jan. 2019, 11:40 John Jiang > > I had read that page. In fact, SSLDEBUG and SSLTRACE were used in my last > > try. > > My NSS was built with "BUILD_OPT=0"

Re: Debug info on NSS tools

2019-01-04 Thread John Jiang
ght need a debug build (i.e. build yourself with debugging enabled). > > https://wiki.mozilla.org/NSS:Tracing > > Kai > > On 03.01.19 13:51, John Jiang wrote: > > Just tried it, but looked not work. > > > > $ export SSLDEBUG=1 > > $ export SSLTRACE=127 >

Re: Debug info on NSS tools

2019-01-03 Thread John Jiang
> that 20-ish gets some fairly useful logging. > > On Thu, Jan 3, 2019 at 6:12 PM John Jiang > wrote: > > > Can NSS tools, like selfserv and tstclnt, output debug info? > > My NSS binary is built with debug mode. > > > > I try to enable the debug logs for

Debug info on NSS tools

2019-01-02 Thread John Jiang
Can NSS tools, like selfserv and tstclnt, output debug info? My NSS binary is built with debug mode. I try to enable the debug logs for selfserv and tstclnt, but don't get any useful option. Option -v just outputs a bit more logs. That's not enough for me. I wish the tools can output more details

Building NSS 3.40 with VS 2017

2018-11-18 Thread John Jiang
NSS 3.40 release note contains "It is easier to build NSS on Windows in mozilla-build environments". Does it mean that I can build NSS with VS 2017 now? I'm following the guide in https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Building, and using MozillaBuild 3.2. But after start Mo

Re: Building the latest NSS with VS 2013

2018-07-30 Thread John Jiang
Any new update on this point? Can I build NSS with VS2017 now? Best regards, John Jiang 2018-01-19 15:41 GMT+08:00 Franziskus Kiefer : > Hi John, > > using MozillaBuild 2.x with VS 2015 should work fine. That's the only > configuration at the moment that works for building

Re: How do selfserv and tstclnt specify RSASSA-PSS certificate?

2018-05-30 Thread John Jiang
ths, and a low > priority item, but it is still on my todo list). Getting selfserv and > tstclnt to use those keys requires the stack to support them fully, > which - right now - it doesn't. > On Thu, May 31, 2018 at 2:31 AM John Jiang > wrote: > > > > Hi, > > I

How do selfserv and tstclnt specify RSASSA-PSS certificate?

2018-05-30 Thread John Jiang
Hi, I'm using NSS 3.37. Tried to specify a RSASSA-PSS certificate for selfserv and tstclnt, but looks no option supports this certificate type: "Must specify at least one certificate nickname using '-n' (RSA), '-S' (DSA), or 'e' (EC)." But it looks the current NSS supports RSASSA-PSS.

tstclnt request and selfserv response

2018-05-26 Thread John Jiang
Hi, Using NSS 3.37 How to take selfserv to send response when it is connected by a client? Can I implement the below case in shell? 1. tstclnt sends specific request to selfserv; 2. and then the selfserv sends specific response to the tstclnt; 3. (Optional) the tstclnt quits automatically after i

selfserv on session resumption

2018-03-23 Thread John Jiang
Using NSS 3.35 on MacOSX to test session resumption (via session id). If a client connect to a selfserv server with same options many times, the server may not reuse the session. I used a JSSE client to connect the selfserv server twice. In the second connection, the client used the same SSL cont

tstclnt on session resumption

2018-03-21 Thread John Jiang
Using NSS 3.35 Can tstclnt be used to check session resumption (via session id)? With the tool's usage help, options "-r" and "-u" are related to session resumption. Option "-u" is related to session ticket, however I focus on session id, so just option "-r 2" was used in my command. But it look

Re: selfserv and tstclnt on SNI

2018-02-28 Thread John Jiang
; > These sound like simple bugs. Most are probably good first bugs for > > someone looking to contribute. > > > > On Thu, Feb 8, 2018 at 6:13 PM, John Jiang > > wrote: > > > Hi, > > > Using NSS 3.35. > > > > > > It looks tstclnt a

selfserv and tstclnt on SNI

2018-02-07 Thread John Jiang
Hi, Using NSS 3.35. It looks tstclnt always send SNI extension, even though no option "-a". As for selfserv, I suppose it should have an option for configuring multiple certificates (nicknames) for server side. But I don't find it. In addition, option "-n" means rsa_nickname, but with my testing,

Re: How do selfserv and tstclnt support ALPN?

2018-02-07 Thread John Jiang
Thanks for the clarification! 2018-02-07 22:43 GMT+08:00 Franziskus Kiefer : > Hi, > > -Q was added in NSS 3.26 and adds, as described, "ALPN for HTTP/1.1 > [RFC7301]". > There's currently no way to set a custom ALPN. > > Cheers > > On Wed, Feb 7, 2018

How do selfserv and tstclnt support ALPN?

2018-02-07 Thread John Jiang
Hi, I'm playing selfserv and tstclnt from a NSS 3.35 build. Although selfserv introduces option "-Q" for enabling ALPN, I don't find any option to allow selfserv and tstclnt to specify their application protocols respectively. How to make selfserv and tstclnt to negotiate application protocol? Than

Re: Can import multiple certificates with same subject?

2018-01-30 Thread John Jiang
le1 Here, in deed, certificate example2 is displayed. It looks a bug. Best regards, John Jiang 2018-01-31 13:07 GMT+08:00 John Jiang : > Hi, > I'm using NSS 3.35. > > With my testing, it is not allowed to import multiple certificates with > same subject and different nicknames to

Can import multiple certificates with same subject?

2018-01-30 Thread John Jiang
Hi, I'm using NSS 3.35. With my testing, it is not allowed to import multiple certificates with same subject and different nicknames to a certificate database via pk12util. I just want to confirm this point. Best regards, John Jiang

Re: Building the latest NSS with VS 2013

2018-01-18 Thread John Jiang
nment variables. Best regards, John Jiang 2018-01-12 14:21 GMT+08:00 John Jiang : > Hi, > I need to build NSS with VS 2013 and MozillaBuild 2.2.0. > > Just found the building failed on NSS 3.33 and 3.34.1, exactly many libs, > like nss3, ssl3, were missing. > But the building looked fin

Building the latest NSS with VS 2013

2018-01-11 Thread John Jiang
regards, John Jiang -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: NSS API documentation - Am I missing something?

2017-03-20 Thread John Dennis
from studying either the NSS source or source code that uses NSS. At one time there was better doc online but I think some of it has disappeared with various attempts to organize Mozilla developer doc. -- John

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
ue) # Print out the names print 'certificate subject: %s' % cert.subject print 'has %d alternate names' % len(names) for name in names: print ' %s' % name # Success sys.exit(0) -- John

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
On 02/23/2017 11:14 AM, John Dennis wrote: On 02/23/2017 11:04 AM, Paul Wouters wrote: Hi, I'm looking at the best way to get a list of SubjectAltNames of a CERTCertificate. Anyone have a pointer (haha) for me ? CERT_DecodeAltNameExtension See secu_PrintAltNameExtension() in cm

Re: CERT_AsciiToName() and unknown OIDs

2017-02-23 Thread John Dennis
On 02/23/2017 11:38 AM, Miklos Vajna wrote: Hi, On Thu, Feb 23, 2017 at 10:44:10AM -0500, John Dennis wrote: You should follow the RFC specifications, in this case RFC-4514 and RFC-4512. Thanks for the numbers, I wasn't sure where is this specified. The second example with th

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
n lib/certdb/certdb.c for an examples. -- John

Re: CERT_AsciiToName() and unknown OIDs

2017-02-23 Thread John Dennis
without a "OID." prefix. The test should include a test for a numericoid. FWIW the code is implementing a very old obsoleted RFC the "oid." prefix comes from RFC-1485 published in 1995, the current RFC 4514 is from 2006. RFC 4514 obsoletes 2253 which obso

Re: NSS open multiple NSS-Databses at once?

2017-01-11 Thread John Dennis
DB/slot, you won't actually be able to do that This is extremely bad, because i have to maybe change the Trust-Status of some Certificates. So in conclusion for my needs it would be the way to open each database separately and successively? -- John

Re: NSS open multiple NSS-Databses at once?

2017-01-10 Thread John Dennis
On 01/10/2017 04:23 PM, Robert Relyea wrote: 2) To open additional databases you want to use SECMOD_OpenUserDB: Bob, is SECMOD_OpenUserDB new? -- John

Re: NSS open multiple NSS-Databses at once?

2017-01-10 Thread John Dennis
abases has been frustratingly difficult, my advice is if you can avoid it then you're much better off. -- John

Re: Building NSS failed on Mac OS X 10.10 with "unknown warning group '-Wvarargs'"

2016-12-29 Thread John Jiang
on : > Hi John, > > Could you open a bug? > https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=Libraries > > On Thu, Dec 29, 2016 at 5:19 PM, John Jiang > wrote: > > Hi, > > I tried to build NSS 3.27.1 [1] on Mac OS X 10.10, but the building ended

Building NSS failed on Mac OS X 10.10 with "unknown warning group '-Wvarargs'"

2016-12-28 Thread John Jiang
Hi, I tried to build NSS 3.27.1 [1] on Mac OS X 10.10, but the building ended with the following message: ocsp.c:2200:32: error: unknown warning group '-Wvarargs', ignored [-Werror,-Wunknown-pragmas] #pragma GCC diagnostic ignored "-Wvarargs" ^ 1 error generated. make

Problems on building NSS with VS2013

2016-09-05 Thread John Jiang
Hi, I tried to build NSS 3.16 + NSPR 4.10.4 with VS2013 (Community) on Windows 8 x64. But finally the following errors were raised: WIN954.0_64_DBG.OBJ\addbuiltin.obj addbuiltin.obj : error LNK2019: unresolved external symbol __imp___acrt_iob_func referenced in function print_crl_info sectool.lib(b

Re: Problem on building NSS with Windows

2016-08-20 Thread John Jiang
ust 20, 2016 6:58:02 AM GMT -08:00 US/Canada Pacific > Subject: Re: Problem on building NSS with Windows > > 2016-08-20 20:25 GMT+08:00 Manuel Dejonghe : > > > On Sat, Aug 20, 2016 at 4:00 AM, John Jiang > > wrote: > > > I checked the full logs. Many "execvp

Re: Problem on building NSS with Windows

2016-08-20 Thread John Jiang
2016-08-20 20:25 GMT+08:00 Manuel Dejonghe : > On Sat, Aug 20, 2016 at 4:00 AM, John Jiang > wrote: > > I checked the full logs. Many "execvp: pwd: Permission denied" in the > logs, > > like the below, > > ... > > make[1]: Leaving dir

Re: Problem on building NSS with Windows

2016-08-19 Thread John Jiang
Hi, Thanks for your reply. I don't get any useful info from env output, like the below $ env | grep msys OSTYPE=msys MACHTYPE=i686-pc-msys 2016-08-20 0:31 GMT+08:00 Wan-Teh Chang : > On Fri, Aug 19, 2016 at 1:49 AM, John Jiang > wrote: > > Hi, > > Thanks for your repl

Re: Problem on building NSS with Windows

2016-08-19 Thread John Jiang
reconf/nsinstall' cd nsinstall; make libs ... Does it impact the building? Thanks! 2016-08-20 9:48 GMT+08:00 Julien Pierre : > That looks correct; must be a different issue then. > > Julien > > > > On 8/19/2016 18:44, John Jiang wrote: > >> Run "

Re: Problem on building NSS with Windows

2016-08-19 Thread John Jiang
> check which gmake or make you have with gmake.exe -v . > > You might also have the Microsoft make.exe / nmake.exe in your path . > > Make sure the version of make in your path is GNU make and not another > make. > > Julien > > > > On 8/19/2016 00:24, John Jiang wrote:

Re: Problem on building NSS with Windows

2016-08-19 Thread John Jiang
ox.org/nss/rev/462a77115abebd0f3cd9cb56dbc350 > a25b9be706/lib/util/quickder.c > > On Fri, Aug 19, 2016 at 9:30 AM, John Jiang > wrote: > > > In addition, I have checked my installed MozillaBuild. It doesn't include > > file quickder.c. > > Is there any wrong on Mo

Re: Problem on building NSS with Windows

2016-08-19 Thread John Jiang
In addition, I have checked my installed MozillaBuild. It doesn't include file quickder.c. Is there any wrong on MozillaBuild? Or some issue in my environment? 2016-08-19 15:24 GMT+08:00 John Jiang : > Hi, > I tried to build NSS on Windows 7 x86_64 machine, and followed the > i

Problem on building NSS with Windows

2016-08-19 Thread John Jiang
Hi, I tried to build NSS on Windows 7 x86_64 machine, and followed the instructions at: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Building VS 2015 community and Latest MozillaBuild have been installed, and USE_64 was set to 1. When "make nss_build_all" finished, I got the below

Re: RFC7512 PKCS#11 URI support

2016-04-05 Thread John Dennis
_FindCertByNickname is also undocumented. Nor is there any documentation on the syntax of nicknames in Cert DB. -- John

Re: RFC7512 PKCS#11 URI support

2016-03-19 Thread John Dennis
statement? > NOT to use URIs as URIs Is this a typo? -- John

Re: How to use NSS in my C++ Project?

2015-11-10 Thread John Dennis
tern "C" { #include "nss.h" } should do the trick, google mixing C and C++, you should find a ton of information. Must i compile NSS and NSPR first and the use the DLL / Libs? Would be very helpful if someone could explain it in detail. Thanks a lot!

Re: Import Keys from OpenSSL into NSS

2015-10-30 Thread John Dennis
On 10/30/2015 10:05 AM, John Dennis wrote: On 10/30/2015 06:23 AM, JBarry wrote: Good Morning, I'll apologize in advance if this question has already been asked/answered (I did look and found nothing that helped me out) or if the question seems trivial. I am a college intern currently wo

Re: Import Keys from OpenSSL into NSS

2015-10-30 Thread John Dennis
plain this then that would be extra awesome) Any help is much appreciated, https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil -- John

Re: New JSS Version?

2015-08-05 Thread John Dennis
roll out new features. I seem to recall Christina may have added ECC support in JSS but I'm not sure. Then there is the fact the version of JSS used by her team is a fork (or at least it was). Really the best answer if you need something in JSS is "patches welcome".

Re: Missing functions in latest NSS library

2015-06-10 Thread John
Seems CERT_DecodeCertFromPackage is now included in smime3.dll instead of nss3.dll. -- View this message in context: http://mozilla.6506.n7.nabble.com/Missing-functions-in-latest-NSS-library-tp340623p340733.html Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.

Re: Missing functions in latest NSS library

2015-06-10 Thread John
Actually, simply uncommenting the line in nss.def doesn't work - NSS build fails with the following: nss.def : error LNK2001: unresolved external symbol CERT_DecodeCertFromPackage Do I need to make other changes elsewhere? Thanks, John -- View this message in context: http://mozilla.65

Re: Missing functions in latest NSS library

2015-06-10 Thread John
like this function has been commented out in nss.def ;+#CERT_DecodeCertFromPackage; Was there a reason for this? Can I simply uncomment, rebuild, and use this function in my codes? Thanks, John -- View this message in context: http://mozilla.6506.n7.nabble.com/Missing-functions-in-lates

Re: Missing functions in latest NSS library

2015-06-09 Thread John
Thanks - I was looking at the wrong nss.def file. Will try patching the source. Thanks again, John -- View this message in context: http://mozilla.6506.n7.nabble.com/Missing-functions-in-latest-NSS-library-tp340623p340723.html Sent from the Mozilla - Cryptography mailing list archive at

Missing functions in latest NSS library

2015-06-09 Thread John
heck other libraries (DLLs) but could not find the above functions. Am I missing something? Thanks, John -- View this message in context: http://mozilla.6506.n7.nabble.com/Missing-functions-in-latest-NSS-library-tp340623.html Sent from the Mozilla - Cryptography mailing list archive at Nabb

Fwd: [members] The PKCS 11 OASIS Standards are published

2015-04-21 Thread John Dennis
FYI Forwarded Message Subject:[members] The PKCS 11 OASIS Standards are published Date: Tue, 21 Apr 2015 12:30:56 -0400 From: Chet Ensign To: tc-annou...@lists.oasis-open.org, memb...@lists.oasis-open.org, pkc...@lists.oasis-open.org , pkcs11-comm...@lists.oasis

Re: best practices - python-nss to serialize PEM

2015-01-15 Thread John Dennis
On 01/15/2015 02:35 PM, Robert Daniels wrote: > Ok, I tested this on the latest 0.16 and it works. > > Thanks again for the help. Fabulous, thanks for the feedback. -- John

Re: best practices - python-nss to serialize PEM

2015-01-15 Thread John Dennis
he cert, it does not get to the point where it needs the > password. Makes sense. > I'll chime back after testing with a newer version of python-nss. -- John

Re: best practices - python-nss to serialize PEM

2015-01-14 Thread John Dennis
On 01/14/2015 02:59 PM, Robert Daniels wrote: > John, > > Some additional observations. > > If I debug with a breakpoint over the password callback, it's never > called when invoking pkcs12_export, however it is invoked when > calling find_key_by_any_cert. Hmmm ... tha

Re: best practices - python-nss to serialize PEM

2015-01-14 Thread John Dennis
as why I can get a PrivateKey object, but not export it with the > cert. Does it work using pk12util? -- John

Re: best practices - python-nss to serialize PEM

2015-01-13 Thread John Dennis
directly. FWIW the pkcs12 implementation in python-nss pretty much mirrors what pk12util is doing using essentially the same NSS entry points. -- John

Re: best practices - python-nss to serialize PEM

2015-01-12 Thread John Dennis
_data) pemcert = '\n'.join([data[x:x+64] for x in range(0, len(data), 64)]) return '-----BEGIN CERTIFICATE-----\n' + \ pemcert + \ '\n-----END CERTIFICATE-----' print make_pem(cert.der_data) -- John

Re: Problems with python-nss get_cert_nicknames

2015-01-09 Thread John Dennis
d the behavior. The problem has nothing to do with python-nss. python-nss simply calls the NSS function CERT_GetCertNicknames(). Maybe one of the core NSS developers can shed light on why the code is commented out. My suggestion would be to file a bug against NSS. https://bugzilla.mozilla.org/enter_bug

Re: documentation for NSS API?

2014-12-16 Thread John Dennis
wsing the NSS source code. It would benefit NSS adoption if there was better documentation but for what it's worth this seems to be a hallmark of crypto libraries, openssl, kerberos, GSSAPI, etc. are all equally opaque. :-( HTH, John

Re: Which version of nss is used by firefox 33

2014-10-26 Thread John
No problem. Actually you don't need to download the code at all. http://hg.mozilla.org/releases/mozilla-release/file/bf6c1a1aa45b/security/nss/TAG-INFO Cheers, John -- View this message in context: http://mozilla.6506.n7.nabble.com/Which-version-of-nss-is-used-by-firefox-33-tp325489p3

Re: Which version of nss is used by firefox 33

2014-10-26 Thread John
As per the wiki page: You can look at the release source code to see which version of NSS is included in a version of Firefox. For example, at http://hg.mozilla.org/releases/mozilla-release (choose the right tag from the bottom, e.g. FIREFOX_5_0_RELEASE, then click on files and navigate to securit

Re: Updates to the Server Side TLS guide

2014-10-22 Thread John Dennis
On 10/21/2014 09:02 PM, Julien Vehent wrote: > NSS is very rarely used in servers. Not true. Red Hat ships many products with NSS server configurations. -- John

Re: TLS: error: the certificate '/etc/openldap/certs/xxx.crt' could not be found in the database - error -12285:Unable to find the certificate or key necessary for authentication.

2014-09-19 Thread John Dennis
you are providing are valid and in the right format. For instance is the key file actually PKCS12 format requiring a password or is it PEM? Is the cert chain fully available in the CA file? Are the files readable? Is SElinux enforcing enabled? Are there AVC's? Do the exact same files work in another context? If you're adventurous and can do C debugging I would ldap under GDB and break in the method tlsm_add_key_from_file() and make sure your private key is getting loaded. HTH, John -- John

cert validation failure when root cert is in chain

2013-12-21 Thread John Dennis
set to False, it doesn't seem to be creating a problem for NSS during validation. The CA cert also has BasicConstraints but with the CA flag set to true and path length set to 2. Not sure if this is relevant to this issue or not. -- John

Re: Importing a symmetic key into NSS database

2013-08-01 Thread John
Robert Relyea wrote > On 07/30/2013 06:37 PM, John wrote: >>> At this point I usually ask, what is it you are trying to do? usually >>> when I see someone trying to import or export keyblobs, they are coding >>> at the wrong level and we should be pushing more of

Re: Importing a symmetic key into NSS database

2013-07-31 Thread John Dennis
le to find these? > > > On Tue, Jul 30, 2013 at 9:37 PM, John wrote: > >>> At this point I usually ask, what is it you are trying to do? usually >>> when I see someone trying to import or export keyblobs, they are coding >>> at the wrong level and we sho

Re: Importing a symmetic key into NSS database

2013-07-30 Thread John
> At this point I usually ask, what is it you are trying to do? usually > when I see someone trying to import or export keyblobs, they are coding > at the wrong level and we should be pushing more of whatever protocol > you are running into NSS. I'm developing a One Time Password software token

Re: Importing a symmetic key into NSS database

2013-07-30 Thread John
Thank you. FIPS is not enabled so PK11_ImportSymKeyWithFlags() works for me. However I'm unable to export the imported key using PK11_ExtractKeyValue() and PK11_GetKeyData(). I suspect this is by design - keys are protected from being exported? As a work around, I have tried importing the key usi

Importing a symmetic key into NSS database

2013-07-29 Thread John
t, "MySymKey", NULL) == NULL) { cout << "Failed to find key" << endl; goto shutdown; } PK11_ListFixedKeysInSlot returns NULL and the timestamp on key4.db remains unchanged, indicating the key was not imported into the database. Thanks, John -- View this me

Re: SIGSEGV NSS 3.14.0.0 CentOS 6.4 64bit root-cause analysis

2013-06-26 Thread John Dennis
arg to yum. Look in your yum configuration file to see the exact name on your system. On my system (F18) the command would be % sudo yum --enablerepo updates-debuginfo install nss-debuginfo -Or- when you fire up gdb it will give you a command to install the necessary debug info, just copy the

Re: Using libnss with client certificates via pkcs11

2013-06-21 Thread John Dennis
socket client auth callback to supply the client cert? See SSLSocket.set_client_auth_data_callback() There is an example of its usage in doc/examples/ssl_example.py John

Re: Web Crypto API(s) and what Mozilla wants / needs

2013-02-14 Thread John Dennis
On 02/14/2013 03:19 PM, Ryan Sleevi wrote: On Thu, February 14, 2013 11:55 am, John Dennis wrote: Surely you're not suggesting that arbitrary web applications be able to use JavaScript to swap out the crypto library used by the browser? Absolutely not from JavaScript. But as a br

Re: Web Crypto API(s) and what Mozilla wants / needs

2013-02-14 Thread John Dennis
u use X, Y, or Z instead and tell me if you still have the issue. That's a non-starter for many applications unless they had the foresight to implement "pluggable crypto", and I'm only aware of a handful of those, usually they've hitched their horse to one implementation. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/

error handling bug in nss_Shutdown

2012-11-29 Thread John Dennis
bogus error code from the dim past (because errors are never cleared). Filed bug as: https://bugzilla.mozilla.org/show_bug.cgi?id=816488 -- John Dennis

Project page, release notes, changelog?

2012-01-25 Thread John Dennis
ing in the right place in the tree because I'm sure there is a ChangeLog or some other file in the CVS tree that documents what changed in each release. Where would I find that? Thanks! -- John Dennis

Re: Removal of NSS and/or NSPR from the API exposed to addons

2012-01-19 Thread John Dennis
ively broke things for us recently, one of the clear downsides of using private versions of NSS independent of the global system environment. Would truly like to avoid that experience again. -- John Dennis

Re: error during compil

2011-08-09 Thread John Dennis
would be happy to help you with actual issues with NSS, PKI and cryptography, but not with computer science 101 :-) As a courtesy to others on this list such things are said to be "off topic". HTH, John

Re: nss and java ?

2011-08-08 Thread John Dennis
;re one or two minor revisions behind the official version we haven't yet pushed these fixes upstream, another problem which we need to rectify. -- John Dennis

Re: bug compiling ridiculous program

2011-07-26 Thread John Dennis
OS. Hope that helps and gets you started, John -- John Dennis

Re: nss program language

2011-07-25 Thread John Dennis
is written in C. The source can be obtained here: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/ -- John Dennis

Re: does anyone try to use AES_CBC ???

2011-07-22 Thread John Dennis
oogling shows how to do this: http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn5.html http://www.mozilla.org/projects/security/pki/nss/sample-code/sample2.html -- John Dennis

Re: BUG with AES encrypt / decrypt

2011-07-22 Thread John Dennis
ecb, i found nothing about that if you have any idea, please post it here Have a look at: PK11_ImportSymKey PK11_CreateContextBySymKey PK11_CipherOp PK11_DigestFinal -- John Dennis

Re: Python-nss

2011-02-25 Thread John Dennis
s a fair amount of sophisticated knowledge to utilize NSS's building blocks to produce a comprehensive solution to some cryptographic problem. HTH, John -- John Dennis

Re: Python-nss

2011-02-25 Thread John Dennis
to avoid at the moment for a host of reasons. Hope that helps! John -- John Dennis

Re: NSS 3.12.5: Error '-8023' ... how to track it down?

2011-01-11 Thread John Dennis
and set a break point on PR_SetError, you will probably need to issue this gdb command (or put it in a .gdbinit file): set breakpoint pending on You should break in the debugger with full source code when an error is set, you can then look around to see why. -- John Dennis

Re: Using a 'secret' SSL client certificate from Mozilla

2010-08-27 Thread John Dennis
ho started and you have no way to install and start a system daemon then I can't think of a mechanism that couldn't be compromised and/or wouldn't require user intervention. Anybody else have better ideas? -- John Dennis

clarification of CSR attributes in NSS

2010-06-17 Thread John Dennis
cert extensions? Or do I just not understand the RFC definition of a CSR? Thanks, John -- John Dennis

Using NSS to export PKCS#12 pfx files

2010-06-15 Thread John Scott
rom a PKCS#7 key, but it doesn't have the full chain of CAs, so is invalid for signing the plugin. Would using the NSS API be a practical approach? It seems that Firefox can export keys and it uses NSS to do that? Have there been any attempts to do something like this in the past? Cheers

Re: Creating digital signature with JS in Firefox?

2010-02-03 Thread John J. Barton
Nelson B Bolyard wrote: On 2010/02/03 08:04 PST, John J. Barton wrote: Kyle Hamilton wrote: I believe there's something available called KeyManager that should help, from https://addons.mozilla.org/en-US/firefox/addon/4471 . It uses XPCOM IDL to access the platform security module. (It

Re: Creating digital signature with JS in Firefox?

2010-02-03 Thread John J. Barton
ure. jjb -Kyle H On Sun, Jan 31, 2010 at 9:51 PM, John J. Barton wrote: The Mccoy program, https://developer.mozilla.org/en/McCoy can sign update.rdf files. It has a dll to support the signature work. I wonder if something has improved in the firefox code base since the time Mccoy was written, suc

Creating digital signature with JS in Firefox?

2010-01-31 Thread John J. Barton
The Mccoy program, https://developer.mozilla.org/en/McCoy can sign update.rdf files. It has a dll to support the signature work. I wonder if something has improved in the firefox code base since the time Mccoy was written, such that the signature work can now be done without the dll. I would li

Re: Cache CRL SSL Test is Failing

2009-05-17 Thread John Smith
Hi: Been a little busy, so haven't had a chance to look at this issue till now. *Glen*: I hope I didn't come off as being sarcastic/insincere in my reply to your first post - it probably didn't help that I forgot to mention that the three failed tests you mentioned were the ones I was seeing as w

Re: Cache CRL SSL Test is Failing

2009-05-09 Thread John Smith
Hi: * Nelson*: Thanks - I was worried that I had done something wrong. I will await that person's return next week for a definitive answer. *Glen*: Wow, you managed to match that bug to my problem, even though the test numbers are totally different (as per what Nelson said)! It's not terribly imp

Cache CRL SSL Test is Failing

2009-05-07 Thread John Smith
Hi: I downloaded the NSS 3.12.3 and NSPR 4.7.4 source code and was running the provided test suite. However, test #537 (part of "Cache CRL SSL Client Tests") gets stuck (all previous tests pass according to results.html), and I have to kill the test process. The last few lines from output.log ar

Re: NSSSSL_VersionCheck Sigpipe with curl

2009-03-21 Thread John D
I wonder how thread safe NSS' integration with libcurl actually is. No offense Daniel but after switching to gnutils with their macros all problems related to this matter are resolved. So be it. Kind thanks, JD On 3/21/09, John D wrote: > > > > On 3/21/09, Wan-Teh Chang w
