Well, I'd be curious to know if you could use any of those acpkcs.dll with an NSS-enabled client app and successfully use a cert off an ActivCard smartcard for SSL client auth?
And how does ActivCard exactly make their supposedly generic PKCS#11 library usable in Communicator? That answer will explain how the PKCS#11 lib then gets "hobbled" with respect to usage in latest NSS. -- P "Nelson B. Bolyard" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]... > Patrick wrote: > > > > I also have successfully used ActivCard Gold's PKCS#11 library successfully > > with my Communicator browser. However if one were to take that same PKCS#11 > > library (in the case of ActivCard, that would be their acpkcs.dll) and added > > it to the NSS secmod db, and then wrote an NSS client app that attempted to > > read and use the cert of an ActivCard for SSL client authentication, one > > would probably get the same errors I got: "key not authorized for requested > > operation", or "unable to digitally sign data required to verify your > > certificate". > > "would probably"?? > > > My point is that the commercial PKCS#11 libraries (such as ActivCard Gold) > > that work fine with Communicator, don't necessarily work with a > > *non-browser* NSS app. And I can't figure out why. > > Communicator uses a much older version of PKCS#11 than does NSS. > Older PKCS#11 modules may work with Communicator but not with NSS. > (Bob Relyea can tell us the exact version number info.) > > BTW, I seem to have two versions of acpkcs.dll on my system, and I don't > know what the differences are, other than: > > v 2.0.10.4 is 294,912 bytes long > v 2.0.10.5 is 364,544 bytes long > > -- > Nelson Bolyard Netscape > Disclaimer: I speak for myself, not for Netscape
