Paul Santapau wrote: > Nelson B escribió: >>All the error codes for TBird's crypto are negative numbers, in the >>range -6000 .. -12288 and the number 1028 isn't in that range.
> Ok, good guess ;-). But the number that appears is really 1028 > between parenthesis. I can send u an snapshoot if wanted, > the only thing is that it is in spanish. Then that number must be a peculiarity of the Spanish localization of Thunderbird. Probably should be reported as a bug. >>NSS (TBird's crypto code) doesn't presently accept critical Policies >>extensions. > Ok, and just in case some application wants to handle that critical > extension, How can the application do it? What kind of check is > nedded?. In this case, the application using NSS is Thunderbird. However, NSS's cert validation is not presently application-extensible. Handling of critical policy extensions is planned for NSS 3.12, which should be released (much) later this year. >>> Data: >>> Policy Name: OID.1.3.6.1.4.1.8149.3.5.2.0 >>> Policy Qualifier Name: PKIX User Notice Qualifier >>> Display Text: ".C.e.r.t.i.f.i.c.a.d.o. .p.a.r.a. .a.p > How did you get the Display Text? Did you used any nss tool?, I have try it > with some tools but i cannot get that text, just a stream of unicoded bytes > to decode. I used NSS's pretty printing tool, pp. Peter Gutmann's dumpasn1 tool would also do it. (google for it) > Thank you very much for solving my issue Nelson. See if your CA will reissue the cert with a non-critical policy extension. If so, that will solve your problem most quickly. -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto