On 8/25/2011 7:58 AM, helpcrypto helpcrypto wrote:
> Sorry for the little OT.
>
> I would like to know if OpenSC PKCS#11 module added on
> Firefox/Thunderbird has the same "problem" I'm having on my PKCS#11
> library.
>
> Seems that Mozilla is invoking C_FindObjectsInit asking for objects
> with CK_OBJECT_CLASS = 0xCE534351 or 0xCE534352 or 0xCE534353 or
> 0xCE534354 around 171 times.
> This type is a mask for VENDOR_DEFINED ones, and seems to be related to NSS.

The OpenSC pkcs11/pkcs11-display.c has definitions for all these.

#define CKO_NETSCAPE 0xCE534350
#define CKO_NETSCAPE_CRL (CKO_NETSCAPE + 1)
#define CKO_NETSCAPE_SMIME (CKO_NETSCAPE + 2)
#define CKO_NETSCAPE_TRUST (CKO_NETSCAPE + 3)
#define CKO_NETSCAPE_BUILTIN_ROOT_LIST (CKO_NETSCAPE + 4)

There are vendor attributes too.

> As far as I know, returning CKR_OK and 0 objects, or even better
> CKR_ATTRIBUTE_TYPE_INVALID should tell Mozilla "I DON'T HAVE ANY OF
> THIS", and Mozilla "should" stop asking.
> Instead of this, it asks again...again...and again until boredom
> (maybe it's because I have 171 CAs on my keystore?) No clue.

Looks like looking for a CRL.
When OpenSC PKCS#11 sees these, it returns 0 objects and CKR_OK.

Add to the environment something like this:

PKCS11SPY=/opt/smartcard/lib/your-pkcs11.so
PKCS11SPY_OUTPUT=/tmp/tb.spy.txt

>
> Mozilla/NSS people don't seem to know anything about this (or they
> look to the other side).
> As I'm not an OpenSC user, and have no idea of how to trace/log this
> stuff, I ask for the guys that would have been fighting against this.

You can use the OpenSC pkcs11-spy.so with TB and your own PKCS#11 module.
Make the pkcs11-spy.so or pkcs11-spy.dll the security device.

> Is this also happening to you? Do you implement that VENDOR_DEFINED
> (undocumented?) types? Could you give me a hand?

When OpenSC PKCS#11 sees these, it returns 0 objects and CKR_OK.

>
> Thanks a lot anyway.
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--
Douglas E. Engert <deeng...@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
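The behaviour described in the reply above (an empty search result with CKR_OK when the template asks for an NSS vendor-defined class), as an added sketch that is not code from this thread or from OpenSC. The type stand-ins, `struct find_state`, and the function names `template_has_nss_class`, `find_init` and `find_next` are assumptions made for illustration; the CKO_NETSCAPE values are the ones quoted in the message.

```c
#include <string.h>

/* Minimal stand-ins for pkcs11.h (assumption: a real module includes it). */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKR_OK          0x00000000UL
#define CKA_CLASS       0x00000000UL
#define CKO_CERTIFICATE 0x00000001UL
/* Values quoted in the message above from OpenSC pkcs11-display.c. */
#define CKO_NETSCAPE                   0xCE534350UL
#define CKO_NETSCAPE_BUILTIN_ROOT_LIST (CKO_NETSCAPE + 4)

/* Hypothetical per-session search state. */
struct find_state { CK_ULONG remaining; };

/* 1 if the template asks for one of the four NSS classes 0xCE534351..54. */
int template_has_nss_class(const CK_ATTRIBUTE *t, CK_ULONG n)
{
    for (CK_ULONG i = 0; i < n; i++) {
        CK_ULONG cls;
        if (t[i].type != CKA_CLASS || !t[i].pValue || t[i].ulValueLen != sizeof cls)
            continue; /* not a well-formed class attribute */
        memcpy(&cls, t[i].pValue, sizeof cls);
        if (cls > CKO_NETSCAPE && cls <= CKO_NETSCAPE_BUILTIN_ROOT_LIST)
            return 1;
    }
    return 0;
}

/* C_FindObjectsInit sketch: `stored` is a constructed count of objects that
 * would otherwise match; an NSS class starts an empty search, not an error. */
CK_ULONG find_init(struct find_state *s, const CK_ATTRIBUTE *t, CK_ULONG n, CK_ULONG stored)
{
    s->remaining = template_has_nss_class(t, n) ? 0 : stored;
    return CKR_OK;
}

/* C_FindObjects sketch: hand back at most `max` matches per call. */
CK_ULONG find_next(struct find_state *s, CK_ULONG max, CK_ULONG *count)
{
    *count = s->remaining < max ? s->remaining : max;
    s->remaining -= *count;
    return CKR_OK;
}
```

A pkcs11-spy trace of a module behaving this way would show each C_FindObjectsInit for these classes followed by a C_FindObjects call that returns CKR_OK with an object count of 0.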