On 04/23/2010 09:19 AM, Tomas Kubina wrote: > Hi all, > > I am developing new PKCS11 module and I would appreciate help with this. > When I want to see certificate on my token, firefox get all attributes > of the > certificate, which it wants, but then tries to find objects with > CKA_CLASS = ce534353. It searches these objects several times but each > attempt is with different CKA_ISSUER value. After few seconds firefox shows > my certificate finally. >
This is expected. FF uses a set of "Vendor Defined" mechanisms, attributes and objects. You are perfectly entitled to barf all over these with "CKR_MECHANISM_INVALID", "CKR_ATTIBUTE_TYPE_INVALID", and "CRK_ATTRIBUTE_VALUE_INVALID" as well as in this case, just not returning any objects. NSS (and thus FF) should be able to handle it. (In this case it's looking for a trust record, presumable to see if any of the intermediates that signed your cert is trusted). bob
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
