Priit Randla wrote: Well, looks like something did very bad things to my original posting, so i have to resend. Now i'll use text files only...
> > Hello, > > > Could somebody please look at attached logs & certs? > I'm having difficult time trying to understand why doesn't mozilla > behave as expected. > Well, backround at first: > I've written a pkcs11 module for Estonian EstEID smartcard, it card has > two key/cert pairs - one for authentication and the other for signatures > (nonRepudiation).For a long time, i couldn't get the module to work at > all - mozilla did read the certificate objects in and then promptly > crashed or started dozens of VerifyRecover functions with self-created > session public key objects and, when finished, crashed again. > Under NS4.79 work these cards whose certs do not have utf8-encoded chars > in their DN. > Right now im using build with id 20020929 (nightly build) and it > doesn't crash anymore. Instead it reads certs in and shows them under > certifcate manager. Authentication certificate looks fine, but for > non-repudiation certificate certificate manager says "Could not verify > this certificate for unknown reasons.". Both certificates are signed by > the same CA. When i tried to use authentication certificate against > client-certs-requiring webserver, i got nothing - mozilla found private > key objects and just before C_SignInit, simply hung - never ending > stopwatch, UI worked, browser component didn't and i had to restart > browser. > Yesterday i grabbed/compiled nss sources from cvs and used these .so's > under 0929 nightly build. I found out that now _one_ of my > testcards works for authentication, the other behaves as before - hangs > browser component. > > I'm attaching certs and session logfiles from pkcs11 module for kind > folks to investigate :-). > > TestCard1 > authcert1-ok.der - works for authentication, shows up as verified. > signcert1-nok.der - nonRepudiation cert, shows up as "couldn't > verify for unknown reasons." > pkcs11-log1.txt - pkcs11 log from a successful authentication with > webserver. > TestCard2 > authcert2-nok.der - does _not_ work for authentication, hangs > browser, shows up as verified. > signcert2-nok.der - nonRepudiation cert, shows up as "couldn't > verify for unknown reasons." > pkcs11-log2.txt - pkcs11 log from a unsuccessful > authentication > with webserver. > > > > Regards, > Priit Randla > >
