Re: [ANNOUNCE] NSS 3.44 Release

2019-05-16 Thread Miklos Vajna
Hi, On Wed, May 15, 2019 at 07:52:51AM -0700, JC Jones wrote: >* It is now possible to build NSS as a static library (Bug 1543545) Is it possible to use this static mode when building via the provided Makefile? Thanks, Miklos signature.asc Description: Digital signature -- dev-tech-cryp

Re: CERT_AsciiToName() and unknown OIDs

2017-02-23 Thread Miklos Vajna
Hi, On Thu, Feb 23, 2017 at 11:59:28AM -0500, John Dennis wrote: > >>It does appear that ParseRFC1485AVA has a bug > >> > >>if (!PL_strncasecmp("oid.", tagBuf, 4)) { > >>rv = SEC_StringToOID(arena, &derOid, tagBuf, strlen(tagBuf)); > >> > >>SEC_StringToOID() can handle a numericoid (

Re: CERT_AsciiToName() and unknown OIDs

2017-02-23 Thread Miklos Vajna
Hi, On Thu, Feb 23, 2017 at 10:44:10AM -0500, John Dennis wrote: > You should follow the RFC specifications, in this case RFC-4514 and > RFC-4512. Thanks for the numbers, I wasn't sure where is this specified. > The second example with the RDN 2.5.4.97=VATHU-10585560 is correct. > > It does a

CERT_AsciiToName() and unknown OIDs

2017-02-23 Thread Miklos Vajna
Hi, [ I ran into this problem as a follow-up of the previous ECDSA question I asked earlier, but I assume this problem is independent. ] I'm trying to use CERT_AsciiToName() to get the DER-encoded equivalent of a string from an XML signature. The original string from my XML signature was: "C=HU,

Re: xmlsec / ECDSA problem

2017-02-15 Thread Miklos Vajna
Hi, On Wed, Feb 15, 2017 at 07:52:48PM +1100, Martin Thomson wrote: > Let's just say that this is a feature that is frequently requested. > Searching bugzilla.m.o you will probably find a bug regarding this > curve that makes for entertaining reading. Ah, I see. I had no intention to choose sec

Re: xmlsec / ECDSA problem

2017-02-15 Thread Miklos Vajna
Hi, On Tue, Feb 14, 2017 at 09:07:24AM -0800, Robert Relyea wrote: > You would need to install the -debug package for nss-softokn on the distro > to step into softoken (assuming you aren't using a hardware accellerator). Thanks, I didn't realize there are multiple -debuginfo packages for the sa

xmlsec / ECDSA problem

2017-02-14 Thread Miklos Vajna
Hi, xmlsec from is a library to verify XML signatures (and more). It has a number of backends, one of them being NSS. Currently only the openssl backend of xmlsec supports ECDSA, and I'm trying to add support for ECDSA in its NSS backend. My first goal would be ve