Ah, noobtastic... Thank you for reminding me to check shared library dependencies.
On Thu, Nov 19, 2009 at 3:30 PM, Wan-Teh Chang <w...@google.com> wrote: > 2009/11/19 Kai Chan <nahc...@gmail.com>: > > Hi, > > > > I'm using NSS 3.12.4 with NSPR 4.8 release. I want to generate keys and > > certs with the basic supported ECC curves (nistp256, nistp384, nistp521) > > included when NSS is compiled with the "NSS_ENABLE_ECC" flag. However, > when > > I try using certutil to generate certificates using the basic NIST > curves, I > > keep receiving the "security library failure" error. Is there something > in > > NSS that has to be patched or a step during configuration that I missed? > > Could someone please verify the steps performed below are correct: > > > > tar -xvf nss-3.12.4-with-nspr-4.8.tar. > > gz > > NSS_ENABLE_ECC=1; export NSS_ENABLE_ECC > > cd nss-3.12.4-with-nspr-4.8/mozilla/security/nss > > make nss_build_all > > alias > > > certutil='home/user/Download/nss-3.12.4-with-nspr-4.8/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin/certutil' > > You also need to set LD_LIBRARY_PATH, otherwise your certutil command > will be using the system NSS shared libraries, which may not have ECC > support compiled in. > > > LD_LIBRARY_PATH=home/user/Download/nss-3.12.4-with-nspr-4.8/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/lib > export LD_LIBRARY_PATH > > You can run the ldd command to verify your certutil command is using > the NSS shared libraries you built, rather than the system NSS libraries > in /usr/lib or /usr/lib32: > > ldd > home/user/Download/nss-3.12.4-with-nspr-4.8/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/bin/certutil > > Wan-Teh > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto >
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto