___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
i have compiled nss3.10 successful on Windows platform(cygwin), but i ftp
the same version nss to a FreeBSD platform, it can't compile? please help
me, thanks.
bash-2.05b# make nss_build_all
"../coreconf/config.mk", line 44: Need an operator
"../coreconf/arch.mk", line 56: Missing dependency ope
> Alex wrote:
>> i have compiled nss3.10 successful on Windows platform(cygwin), but i ftp
>> the same version nss to a FreeBSD platform, it can't compile? please help
>> me, thanks.
>>
>> bash-2.05b# make nss_build_all
>> "../coreconf/config.mk&qu
> Alex:
>
> You should also do "gmake -v" to make sure you are
> using GNU make 3.79 or later. The latest versions of
> NSS require the 'call' function that was added in
> GNU make 3.79 (or a very late 3.7x release).
>
> Why don't you use the lates
I compiled nss on FreeBSD platform, and wrote a program .
My program use function SECU_ReadDERFromFile, like this
#include "secutil.h"
..
rv = SECU_ReadDERFromFile(&certDER, inFile, PR_TRUE);
..
This function is in libsectool.a
#nm libsectool.a |grep SECU_Read
1290 T SECU_ReadDERFro
> Alex wrote:
>> I compiled nss on FreeBSD platform, and wrote a program .
>> My program use function SECU_ReadDERFromFile, like this
>>
>> #include "secutil.h"
>> ..
>> rv = SECU_ReadDERFromFile(&certDER, inFile, PR_TRUE);
>>
Hello,
I wrote a program like this:
PRInt32 mod_ssl_startup(char *dbdir, PRInt32 clearCert)
{
char *dbpath=NULL;
char *certfile=NULL;
PRErrorCode ercode;
SECStatus rv;
PK11SlotInfo *slot=NULL;
..
rv = NSS_InitReadWrite(dbpath);
rv = NSS_SetDomesticPolicy();
if(rv!=SECSuccess)
{
My NSS version is 3.10. Because of I did some modifications on nss. I try to
add a new cipher to nss, but obviously i made some mistakes.
I don't know what's wrong. How to avoid that error? I list my modifications
here. Do I miss anything?
---
> Alex,
>
> I think this basically means that NSS_SetDomesticPolicy() or
> NSS_SetExportPolicy() is trying to flag an unimplemented cipher as
> SSL_ALLOWED. You shouldn't be getting this error because the table in
> sslsock.c that NSS_SetDomesticPolicy() / NSS_SetExportPol
boxes when importing my ca certificate,but still can't connect.
Why?
Thanks
Alex
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
emplate[1]:
> CKA_NETSCAPE_EMAIL(Netsc) requested with 0 buffer
> [out] pTemplate[1]:
> CKA_NETSCAPE_EMAIL(Netsc) has size -1
> Returned: 18 CKR_ATTRIBUTE_TYPE_INVALID
OK, this is way out of my domain, but I did notice these entrie
Hi
My name is Alex.
Im developing custom application based on mozilla engine.
I have a problem, one of the features of application is to access specific
web pages, some of them have certificates, some of them have certificates
that Mozilla cant verify.
And when this happens i see dialog tittled
kcs11.P11Cipher.engineGetKeySize(P11Cipher.java:582)
at javax.crypto.Cipher.b(DashoA13*..)
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at EncryptionTest.main(EncryptionTest.java
> Are you sure this is not coming from the cipher.unwrap call?
> If you add a line of code to print info about the unwrapped key,
> does it show that key to be in the NSS token?
Actually, the cipher.unwrap call passes fine, but when I print the
unwrappedKey - it looks like a secretKeySpec rather t
;
return EncryptionAlgorithm.RC2_CBC;
}
}
I've seen other people complaining about a similar problem.
Is this done on purpose (lack of proper code in NSS/JSS)? Or is it
some minor bug in JSS that may be easily fixed?
Thank yo
> oh? This is the first report of this problem that I recall seeing.
Here is a similar report that I was referring to:
http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/01028c36412d94bf
___
dev-tech-crypto mailing list
dev-tech
I'm trying to create a simple Java RMI application with a custom
factory that uses JSS SSL classes. So I created a simple server and
client factories that create SSLServerSocket and SSLSocket instances
correspondingly. But when my client tries to "lookup" in the registry,
the following happens:
On Dec 28, 5:02 pm, alex.agra...@gmail.com wrote:
> I'm trying to create a simple Java RMI application with a custom
> factory that uses JSS SSL classes. So I created a simple server and
> client factories that create SSLServerSocket and SSLSocket instances
> correspondingly. But when my client tri
FYI - I submitted a patch that fixes the problem.
See https://bugzilla.mozilla.org/show_bug.cgi?id=470982 for details.
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
as planned for Fall 2008 and I wonder how
does it go (I see that the module is in IUT state on the NIST site).
What platforms will it be certified on?
Regards,
Alex
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Thank you.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
using Sun PKCS11 provider with NSS instead.
Unfortunately AFAIK one can not mix Sun PKCS11 NSS provider with JSS
in the same code - and I'm using JSS API for the rest of my
application (due to the limitations in Sun PKCS11 NSS provider) - so
this doesn't seem to be a valid alternative to
?
2010/11/10 Robert Relyea
> On 11/10/2010 05:34 AM, Matej Kurpel wrote:
> > Hello,
> > I am implementing a PKCS#11 module for Thunderbird and I have stuck
> > upon a weird behavior of Thunderbird. Let me explain:
> > For the purposes of testing, I have created a second gmail account. I
> > have
,
it fails whenever the server prioritizes accepting something nonsensical
from the client. Unfortunately tons of servers have silly configurations;
where they support both good and bad ciphers, and prioritize the bad ones!
Alex
On Wed, Oct 18, 2017 at 5:27 AM, Gregory Szorc wrote:
> Context:
>
>
mplicated (it is either not explicitly set
to use the default NSS value, set to something with no knowledge of my
SSLEngine, or something with knowledge of the SSLEngine) -- so I'm not
sure I like that design.
Thoughts? I feel like I might be missing something.
- Alex
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
cate that no fatal
alert is sent in the event of invalid certificates, which is fine by me.
I think that this last suggestion differs from the triggering during
regular handshakes? If the handshake fails, the handshake callback won't
trigger... We failed to get new, valid credentials, but--
26 matches
Mail list logo
