Re: NSS API documentation - Am I missing something?

2017-03-20 Thread John Dennis
On 03/18/2017 02:36 AM, arequip...@gmail.com wrote: I am trying to create a simple program that does some basic management of an NSS database (add/update/remove) certificates, and I'm having a terrible time finding documentation for even basic stuff. (E.g. how do I iterate through a CERTCertList

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
Argh ... looks like the mailing list scrubbed 2 of my attachments. Here is the python code (not as an attachment), hope the mailer does not mangle it. import sys import nss.nss as nss from nss.error import NSPRError # Perform basic configuration and setup nss.nss_init_nodb() # Get the cert fi

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
On 02/23/2017 11:14 AM, John Dennis wrote: On 02/23/2017 11:04 AM, Paul Wouters wrote: Hi, I'm looking at the best way to get a list of SubjectAltNames of a CERTCertificate. Anyone have a pointer (haha) for me ? CERT_DecodeAltNameExtension See secu_PrintAltNameExtension() in cm

Re: CERT_AsciiToName() and unknown OIDs

2017-02-23 Thread John Dennis
On 02/23/2017 11:38 AM, Miklos Vajna wrote: Hi, On Thu, Feb 23, 2017 at 10:44:10AM -0500, John Dennis wrote: You should follow the RFC specifications, in this case RFC-4514 and RFC-4512. Thanks for the numbers, I wasn't sure where is this specified. The second example with th

Re: How to get a list of SubjectAltNames of a cert in NSS

2017-02-23 Thread John Dennis
On 02/23/2017 11:04 AM, Paul Wouters wrote: Hi, I'm looking at the best way to get a list of SubjectAltNames of a CERTCertificate. Anyone have a pointer (haha) for me ? CERT_DecodeAltNameExtension See secu_PrintAltNameExtension() in cmd/lib/secutil.c or cert_VerifySubjectAltName() in lib/c

Re: CERT_AsciiToName() and unknown OIDs

2017-02-23 Thread John Dennis
On 02/23/2017 09:00 AM, Miklos Vajna wrote: Hi, [ I ran into this problem as a follow-up of the previous ECDSA question I asked earlier, but I assume this problem is independent. ] I'm trying to use CERT_AsciiToName() to get the DER-encoded equivalent of a string from an XML signature. The orig

Re: NSS open multiple NSS-Databses at once?

2017-01-11 Thread John Dennis
On 01/11/2017 03:21 AM, Opa114 wrote: On Wednesday, 11 January 2017 00:45:45 UTC+1, Robert Relyea wrote: On 01/10/2017 02:07 PM, Opa114 wrote: On Tuesday, 10 January 2017 22:24:10 UTC+1, Robert Relyea wrote: On 01/10/2017 10:18 AM, Opa114 wrote: thanks, but these facts i know. I don't want

Re: NSS open multiple NSS-Databses at once?

2017-01-10 Thread John Dennis
On 01/10/2017 04:23 PM, Robert Relyea wrote: 2) To open additional databases you want to use SECMOD_OpenUserDB: Bob, is SECMOD_OpenUserDB new? -- John -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: NSS open multiple NSS-Databses at once?

2017-01-10 Thread John Dennis
On 01/10/2017 01:18 PM, Opa114 wrote: thanks, but these facts i know. I don't want to let multiple applications open one Database, i want to open multiple different Mozilla databases, in the old standard format, with one (my) application. I tried to use the NSS_Init functions. These works with

Re: RFC7512 PKCS#11 URI support

2016-04-05 Thread John Dennis
One of the problems I have with the argument Ryan presents concerning API contracts and breakage is that "API contract" Ryan talks about is to the best of my knowledge undocumented, it's a API "convention" observed by a select group of developers "in the know". I don't see anything about a toke

Re: RFC7512 PKCS#11 URI support

2016-03-19 Thread John Dennis
On 03/17/2016 10:52 AM, Ryan Sleevi wrote: On a technical front, Chrome and Firefox, as browsers, have been removing support for the notion of generic URIs, and investing in aligning on the URL spec - that is, making a conscious decision NOT to use URIs as URIs. Could you clarify this statement

Re: How to use NSS in my C++ Project?

2015-11-10 Thread John Dennis
On 11/10/2015 04:38 PM, Opa114 wrote: Hi, can someone explain me how i use NSS and NSPR in my C++ Project? I'm new to C++ and want use in project the NSS libraries, so i thought i could include the header files i need, but did not work, so what's the right way? 2 things: When you ask a questi

Re: Import Keys from OpenSSL into NSS

2015-10-30 Thread John Dennis
On 10/30/2015 10:05 AM, John Dennis wrote: On 10/30/2015 06:23 AM, JBarry wrote: Good Morning, I'll apologize in advance if this question has already been asked/answered (I did look and found nothing that helped me out) or if the question seems trivial. I am a college intern currently wo

Re: Import Keys from OpenSSL into NSS

2015-10-30 Thread John Dennis
On 10/30/2015 06:23 AM, JBarry wrote: Good Morning, I'll apologize in advance if this question has already been asked/answered (I did look and found nothing that helped me out) or if the question seems trivial. I am a college intern currently working with NSS for the first time, so please forgiv

Re: New JSS Version?

2015-08-05 Thread John Dennis
On 08/05/2015 02:37 PM, Opa114 wrote: On Tuesday, 14 July 2015 14:45:20 UTC+2, Opa114 wrote: Hi, when will be a new release of JSS come out? The last Version is very old and did not support some features of latest NSS, which are very important for me. And the JSS should be improved, becaus

Fwd: [members] The PKCS 11 OASIS Standards are published

2015-04-21 Thread John Dennis
FYI Forwarded Message Subject:[members] The PKCS 11 OASIS Standards are published Date: Tue, 21 Apr 2015 12:30:56 -0400 From: Chet Ensign To: tc-annou...@lists.oasis-open.org, memb...@lists.oasis-open.org, pkc...@lists.oasis-open.org , pkcs11-comm...@lists.oasis

Re: best practices - python-nss to serialize PEM

2015-01-15 Thread John Dennis
On 01/15/2015 02:35 PM, Robert Daniels wrote: > Ok, I tested this on the latest 0.16 and it works. > > Thanks again for the help. Fabulous, thanks for the feedback. -- John

Re: best practices - python-nss to serialize PEM

2015-01-15 Thread John Dennis
On 01/15/2015 07:50 AM, Robert Daniels wrote: > We are using python-nss 0.12. I will pull the newest and see if that > fixes the problem. Current version is 0.16.0. Not sure where you're pulling it from, the Mozilla site https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Python_bindin

Re: best practices - python-nss to serialize PEM

2015-01-14 Thread John Dennis
On 01/14/2015 02:59 PM, Robert Daniels wrote: > John, > > Some additional observations. > > If I debug with a breakpoint over the password callback, it's never > called when invoking pkcs12_export, however it is invoked when > calling find_key_by_any_cert. Hmmm ... that seems odd. It's NSS that

Re: best practices - python-nss to serialize PEM

2015-01-14 Thread John Dennis
On 01/14/2015 09:58 AM, Robert Daniels wrote: > Trying as you suggested today, but ran into some other thing which is > puzzling. > > When I call cert = find_cert_from_nickname(nn, pwd) I successfully pull the > server cert. > I then call find_key_by_any_cert(cert, certpassword) I get an object

Re: best practices - python-nss to serialize PEM

2015-01-13 Thread John Dennis
On 01/13/2015 09:58 AM, Robert Daniels wrote: > I also need to serialize private keys in the same fashion. Any hints greatly > appreciated. By design NSS prohibits access to private keys therefore you cannot serialize private keys. However, you can export a cert/key pair in PKCS12 format. See n

Re: best practices - python-nss to serialize PEM

2015-01-12 Thread John Dennis
On 01/12/2015 08:50 AM, robertdaniels2...@gmail.com wrote: > I'm loading certs via python-nss, and need to serialize the format as > x509 PEM output. I'm using a mix of python-nss and openssl. > > crypto.dump_certificate does not take a nss.Certificate parameter, so > looking for what is the "best

Re: Problems with python-nss get_cert_nicknames

2015-01-09 Thread John Dennis
On 01/09/2015 08:07 AM, Roger Dunn wrote: > I need to enumerate the certs in my local store, and in my testing, > only user certs can be enumerated using the get_cert_nicknames api. > It also appears to be the only exposed api for listing certs in the > db. I'm using the ver 0.12 version of python-

Re: documentation for NSS API?

2014-12-16 Thread John Dennis
On 12/16/2014 02:59 AM, D. Hugh Redelmeier wrote: > I'm sure that this is a dumb / naive set of questions. Just the sort > of thing that should be met with the response "Read The Fine Manual". > Could you point me towards it? > > Thanks. Current NSS documentation can be found here: https://devel

Re: Updates to the Server Side TLS guide

2014-10-22 Thread John Dennis
On 10/21/2014 09:02 PM, Julien Vehent wrote: > NSS is very rarely used in servers. Not true. Red Hat ships many products with NSS server configurations. -- John

Re: TLS: error: the certificate '/etc/openldap/certs/xxx.crt' could not be found in the database - error -12285:Unable to find the certificate or key necessary for authentication.

2014-09-19 Thread John Dennis
On 09/19/2014 10:43 AM, Sterling Sahaydak wrote: > > I was told by the Chief Architect, OpenLDAP the following: > > "This has nothing to do with OpenLDAP. Your build is using the MozNSS > crypto library, ask them for help." > > > So, here is my setup - > > I've recently updated both my openld

cert validation failure when root cert is in chain

2013-12-21 Thread John Dennis
I'm trying to debug a validation failure when using CERT_VerifyCertificate(). The cert being validated is a SSL Server Cert, it is signed by a root cert. I have confirmed the server cert validates using CERT_VerifyCertificate() in a stand alone program an the root cert imported and trusted into an

Re: Importing a symmetic key into NSS database

2013-07-31 Thread John Dennis
On 07/31/2013 09:47 AM, Rajesh Kareti wrote: > Hi, > > I need some help in setting up the NSS Cryptographic module for doing > Encryption and Decryption. Could any one help me in doing that. > > Thanks you, > Raj Raj, please do not hijack threads, your question has nothing to do with importing a

Re: SIGSEGV NSS 3.14.0.0 CentOS 6.4 64bit root-cause analysis

2013-06-26 Thread John Dennis
On 06/26/2013 04:59 PM, Bernhard Thalmayr wrote: > Hi experts, may I ask how I can find out where NSS dumps core? > > gdb backtrace of the core (performed on the target machine) does not > show the symbols .. > > Program terminated with signal 11, Segmentation fault. > #0 0x7f61de302599 in

Re: Using libnss with client certificates via pkcs11

2013-06-21 Thread John Dennis
On 06/20/2013 01:20 PM, Johan Dahlin wrote: > [Sorry if this appears twice, the first copy got stuck in the moderation > queue] > > I'm investigating the use of smart card readers for my application[1], > which is also free software. > > As part of the brazilian eletronic legislation I need to b

Re: Web Crypto API(s) and what Mozilla wants / needs

2013-02-14 Thread John Dennis
On 02/14/2013 03:19 PM, Ryan Sleevi wrote: On Thu, February 14, 2013 11:55 am, John Dennis wrote: Surely you're not suggesting that arbitrary web applications be able to use JavaScript to swap out the crypto library used by the browser? Absolutely not from JavaScript. But as a br

Re: Web Crypto API(s) and what Mozilla wants / needs

2013-02-14 Thread John Dennis
u use X, Y, or Z instead and tell me if you still have the issue. That's a non-starter for many applications unless they had the foresight to implement "pluggable crypto", and I'm only aware of a handful of those, usually they've hitched their horse to one implementation. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/

error handling bug in nss_Shutdown

2012-11-29 Thread John Dennis
bogus error code from the dim past (because errors are never cleared). Filed bug as: https://bugzilla.mozilla.org/show_bug.cgi?id=816488 -- John Dennis

Project page, release notes, changelog?

2012-01-25 Thread John Dennis
ing in the right place in the tree because I'm sure there is a ChangeLog or some other file in the CVS tree that documents what changed in each release. Where would I find that? Thanks! -- John Dennis

Re: Removal of NSS and/or NSPR from the API exposed to addons

2012-01-19 Thread John Dennis
ively broke things for us recently, one of the clear downsides of using private versions of NSS independent of the global system environment. Would truly like to avoid that experience again. -- John Dennis

Re: error during compil

2011-08-09 Thread John Dennis
On 08/09/2011 04:10 AM, florent ainardi wrote: i have a little problem when i try to compil my program nss and nspr are installed on my system when i launch gcc with the following syntax gcc -g test.c -otest -I/usr/include/nss -I/usr/include/nspr i have the following error und

Re: nss and java ?

2011-08-08 Thread John Dennis
're one or two minor revisions behind the official version we haven't yet pushed these fixes upstream, another problem which we need to rectify. -- John Dennis

Re: bug compiling ridiculous program

2011-07-26 Thread John Dennis
OS. Hope that helps and gets you started, John -- John Dennis

Re: nss program language

2011-07-25 Thread John Dennis
is written in C. The source can be obtained here: ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/ -- John Dennis

Re: does anyone try to use AES_CBC ???

2011-07-22 Thread John Dennis
oogling shows how to do this: http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn5.html http://www.mozilla.org/projects/security/pki/nss/sample-code/sample2.html -- John Dennis

Re: BUG with AES encrypt / decrypt

2011-07-22 Thread John Dennis
ecb, i found nothing about that if you have any idea, please post it here Have a look at: PK11_ImportSymKey PK11_CreateContextBySymKey PK11_CipherOp PK11_DigestFinal -- John Dennis

Re: Python-nss

2011-02-25 Thread John Dennis
s a fair amount of sophisticated knowledge to utilize NSS's building blocks to produce a comprehensive solution to some cryptographic problem. HTH, John -- John Dennis

Re: Python-nss

2011-02-25 Thread John Dennis
to avoid at the moment for a host of reasons. Hope that helps! John -- John Dennis

Re: NSS 3.12.5: Error '-8023' ... how to track it down?

2011-01-11 Thread John Dennis
and set a break point on PR_SetError, you will probably need to issue this gdb command (or put it in a .gdbinit file): set breakpoint pending on You should break in the debugger with full source code when an error is set, you can then look around to see why. -- John Dennis

Re: Using a 'secret' SSL client certificate from Mozilla

2010-08-27 Thread John Dennis
ho started and you have no way to install and start a system daemon then I can't think of a mechanism that couldn't be compromised and/or wouldn't require user intervention. Anybody else have better ideas? -- John Dennis

clarification of CSR attributes in NSS

2010-06-17 Thread John Dennis
cert extensions? Or do I just not understand the RFC definition of a CSR? Thanks, John -- John Dennis

Re: Python Wrapper for NSS

2008-03-19 Thread John Dennis
ou should bring that up now. John has been making good progress > on getting something that works as we speak. Yes, I've been implementing a Python binding for NSS and the parts of NSPR it depends on. I should have something working soon and I'll post info here when it's available. -