As I wrote before, nss implementation is not fully PKCS#11 compliant. They have a different attitude... They require vendors to support their own sequences. Other than your example, it perform login before it access the token, it open a new session each for each SSL session and more.
I tried to work with them to resolve this [1], but gave up. We worked very hard on QCA so that KDE browser will work correctly, but developers did not merge QCA usage into kde-4. Alon. [1] http://www.mail-archive.com/dev-tech-crypto%40lists.mozilla.org/msg00274.html On 8/12/08, Ludovic Rousseau <[EMAIL PROTECTED]> wrote: > I then tried to return CKR_USER_NOT_LOGGED_IN on the C_Sign() instead > of C_SignInit() but Firefox react the same. > > I think it will not possible to simulate a CKA_ALWAYS_AUTHENTICATE > just by returning CKR_USER_NOT_LOGGED_IN. > > I think it would be simpler to patch Firefox so it asks for the PIN if > it gets a CKR_USER_NOT_LOGGED_IN instead of completely and correctly > supporting CKA_ALWAYS_AUTHENTICATE. > > Any other suggestion? > > Thanks > > > -- > Dr. Ludovic Rousseau > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel > _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
