On 2010/04/23 09:19 PDT, Tomas Kubina wrote: > Hi all, > > I am developing new PKCS11 module and I would appreciate help with > this. When I want to see certificate on my token, firefox get all > attributes of the certificate, which it wants, but then tries to find > objects with CKA_CLASS = ce534353. It searches these objects several > times but each attempt is with different CKA_ISSUER value. After few > seconds firefox shows my certificate finally.
Notice that the high order bit is set in that class number. That makes it a "vendor defined" class number. Take out that high order bit and it becomes an ASCII string. There's a clue there. The PKCS#11 spec carefully defines how a module must handle requests for unsupported attribute types. If you handle it exactly as defined in the spec, there will not be any delays, and all will work as it should. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto