Re: ldapssl_advclientauth_init fails in Windows, but succeeds in Linux

Fri, 10 Jul 2009 08:10:27 -0700 


you might be missing some files on your NSS installation there or some
files got corrupted or mismatched. check with NSS folks about that err
and see if they can help you on proper NSS install steps on Windows.

Matthew DeLoera wrote:

Hello all....

I've built and am running C-SDK 6.06 in Windows, and 6.05 in Linux. In
each OS I have a test client that I build and run, linking to the C-SDK.

Without using SSL, everything is fine in both OSs. I can freely query my
AD server as I'd expect.

When I enable SSL, the ldapssl_advclientauth_init call succeeds in
Linux, but fails in Windows. I also tried just calling
ldapssl_clientauth_init() and got the same thing - success in Linux and
failure in Windows.

My Linux call resembles:

#define CERTDB "/home/admin/.mozilla/firefox/naybgi51.default/cert8.db"
#define KEYDB  "/home/admin/.mozilla/firefox/naybgi51.default/key3.db"
ldapssl_advclientauth_init(CERTDB, NULL, 1, KEYDB, NULL, 0, "", 0)

When I build the same codebase in Windows, the difference is:

#define CERTDB "..\cert8.db"
#define KEYDB  "..\key3.db"
(I copied my db files from my Firefox app data in Windows)

Any suggestions?

I do notice that when I trace down into the code, inside the
ldapssl_advclientauth_init code:

- Down inside nss_Init (nssinit.c).
- SECMOD_LoadModule (pk11pars.c) is called with modulespec indicating
"NSS Internal Module".
- SECMOD_LoadModule sort of calls itself recursively with modulespec
indicating "NSS Internal PKCS #11 Module".
- Then, when SECMOD_LoadPKCS11Module (pk11load.c) is called, it calls
secmod_ModuleInit, which calls
PK11_GETTAB(mod)->C_Initialize(pInitArgs), which is what actually fails
(crv = 48).

So, is this a CKR_DEVICE_ERROR from NSS? I'm not using hardware or
anything - I'm just trying to specify my cert and key db files in order
to do SSL.

Any tips, hints, or suggestions would be *greatly* appreciated! This
strikes me as a system config issue, and not a code issue?

- Matthew
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap

_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap

Reply via email to