On 2010-05-19 03:40 PDT, Šandor Feldi wrote:
> Jean-Marc Desperrier wrote:
>> The web site is also something you develop?
> 
> Thanks for answering. No, I do not develop the site and don't have any way
> to access or configure Apache, and it happens on different sites too... I
> forgot to point out that when importing a certificate into Firefox's NSS
> softokn3.dll PKCS11 module, I do not get that behaviour, I get asked for
> the certificate only once... so considering this, I think it is not an
> Apache issue at all... Another piece of information, if it helps... my
> module interfaces with a smart card...

It really IS an Apache issue.  Because there are SO MANY misconfigured
and/or miscoded Apache servers out there, Firefox has a workaround for them,
but it requires that the PKCS#11 token used to hold the private key be
CONTINUOUSLY in a RW User state.  Each time the token exits that state,
you'll be required to re-authenticate to the token again.

Does your module attempt to force the user to (re)authenticate to it every
time it needs to use the private key?

Does it attempt to do this by (re)entering a read-only state such as
CKS_RO_PUBLIC_SESSION after it performs a private key operation?

If so, that's your problem.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
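
The check suggested in the reply above can be run over a trace of session states recorded after each call into the module. The following C sketch is an added example, not part of the original message and not NSS code; the `state_sample` record, the function name and both traces are hypothetical and constructed, and only the `CKS_*` values come from the PKCS#11 specification.

```c
#include <stddef.h>
#include <stdio.h>

/* CK_STATE values as defined by the PKCS#11 specification. */
#define CKS_RO_PUBLIC_SESSION 0UL
#define CKS_RW_PUBLIC_SESSION 2UL
#define CKS_RW_USER_FUNCTIONS 3UL

/* Hypothetical record: the state C_GetSessionInfo reported right after a call. */
struct state_sample {
    const char   *after_op;
    unsigned long state;
};

/* Constructed trace: a module that stays in the RW User state after signing. */
static const struct state_sample steady_trace[] = {
    { "C_Login", CKS_RW_USER_FUNCTIONS },
    { "C_Sign",  CKS_RW_USER_FUNCTIONS },
    { "C_Sign",  CKS_RW_USER_FUNCTIONS },
};

/* Constructed trace: a module that drops to a public session after each C_Sign. */
static const struct state_sample dropping_trace[] = {
    { "C_Login", CKS_RW_USER_FUNCTIONS },
    { "C_Sign",  CKS_RO_PUBLIC_SESSION },
    { "C_Login", CKS_RW_USER_FUNCTIONS },
    { "C_Sign",  CKS_RO_PUBLIC_SESSION },
};

/* Count how often the session leaves CKS_RW_USER_FUNCTIONS after having
 * reached it. Each exit corresponds to one more authentication prompt.
 * *first_drop receives the index of the first exit, or -1 if none. */
int count_forced_relogins(const struct state_sample *t, size_t n, long *first_drop)
{
    int drops = 0, in_user_state = 0;
    *first_drop = -1;
    for (size_t i = 0; i < n; i++) {
        if (t[i].state == CKS_RW_USER_FUNCTIONS) {
            in_user_state = 1;
        } else if (in_user_state) {
            in_user_state = 0;
            drops++;
            if (*first_drop < 0)
                *first_drop = (long)i;
        }
    }
    return drops;
}

int main(void)
{
    long idx;
    int drops = count_forced_relogins(dropping_trace, 4, &idx);
    printf("%d exits, first after %s\n", drops, dropping_trace[idx].after_op);
    return 0;
}
```

A non-zero count on a real trace points at the operation after which the module left the user state, which is the behaviour the reply asks about.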
