[EMAIL PROTECTED] wrote:
My guess is there is something else going on here. We have a PKCS #11 module which does not support either of these and can do encryption and decryption just fine.The problem I have encountered has been in trying to get Thunderbird to encrypt. From what I can make out everything is moving along happily until NSS calls C_FindObjectsInit with a CKA_CLASS value of CKO_NETSCAPE_SMIME. Another attribute in the search template is CKA_NETSCAPE_EMAIL which is a string value with an email address in its contents.
Your strategy of returning '0' should continue to work for those attributes..
This search returns CKR_OK, but with a count of zero. After that point thunderbird crashes. Up until that point it handled failed searches for CKO_NETSCAPE_BUILTIN_ROOT_LIST and CKO_NETSCAPE_CRL quite happily, even though they too return zero objects.
Getting a debug build of thunderbird would give a stack traceback of the crash an help diagnose what is happening. You could also use the command line tools to debug NSS with your module without having to build the entire mozilla tree from source. The command line tool for S/MIME is cmsutil in mozilla/security/nss/cmd/smimetools. It's interesting that you are crashing in encrypt, since typically PKCS #11 modules aren't used in the encrypt case.
CKO_NETSCAPE_SMIME is looking for S/MIME records, which tell the application which certificates go with which email address. You shouldn't have to support them, my guess is this is a red herring and your crash is cased by something else.I'm at a loss as to what the search for CKO_NETSCAPE_SMIME is trying to achieve, I have found no documentation on any of the extensions.
bob
Does anyone know what might be happening? Do I have to support these values to prevent thunderbird from crashing, and if so, how? Thanks in advance Warren _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
