date:20160523

Re: [ANNOUNCE] NSS 3.24 Release

2016-05-23 Thread Julien Pierre


Kai,

On 5/22/2016 13:45, Kai Engert wrote:

Notable Changes:
* The following functions have been deprecated (applications should use the
   new SSL_ConfigServerCert function instead):
   * SSL_SetStapledOCSPResponses
   * SSL_SetSignedCertTimestamps
   * SSL_ConfigSecureServer
   * SSL_ConfigSecureServerWithCertChain
* Function NSS_FindCertKEAType is now deprecated, as it reports a misleading
   value for certificates that might be used for signing rather than key
   exchange.
* SSLAuthType has been updated to define a larger number of authentication
   key types.
* The member attribute authAlgorithm of type SSLCipherSuiteInfo has been
   deprecated. Instead, applications should use the newly added attribute
   authType.
* ssl_auth_rsa has been renamed to ssl_auth_rsa_decrypt.

Will the deprecated functions stop working right away ? Or is there a 
scheduled time at which they won't be supported anymore in the future ?
The SSL_ConfigSecureServer function is very commonly used, pretty much 
in all Oracle applications.
In the past, NSS has maintained binary compatibility, except in cases 
where security cannot be fixed, such as SSL2 .


Julien

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: [ANNOUNCE] NSS 3.24 Release

2016-05-23 Thread Robert Relyea


On 05/22/2016 04:26 PM, Paul Wouters wrote:

On Sun, 22 May 2016, Kai Engert wrote:


Subject: [ANNOUNCE] NSS 3.24 Release


* NSS softoken has been updated with the latest NIST guidance (as of 
2015)


What does this relate to? Do you have the specific FIPS publication?
Is this perhaps the GCM IV handling?
Checking library integrity at library load time rather than first init 
time. I don't have the document.:(,


bob


Paul





smime.p7s
Description: S/MIME Cryptographic Signature
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

RE: [ANNOUNCE] NSS 3.24 Release

2016-05-23 Thread Trick, Daniel

Thanks a ton!



From: dev-tech-crypto 
[dev-tech-crypto-bounces+trick=sit.fraunhofer...@lists.mozilla.org] on behalf 
of Martin Thomson [m...@mozilla.com]
Sent: Monday, May 23, 2016 6:28 PM
To: mozilla's crypto code discussion list
Subject: Re: [ANNOUNCE] NSS 3.24 Release

On Mon, May 23, 2016 at 1:55 AM, Trick, Daniel
 wrote:
> make BUILD_OPT=1


Try: make BUILD_OPT=1 nss_build_all

You have to build NSPR first, and this does that for you.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: How to get details of certificate?

2016-05-23 Thread Martin Thomson

On Sun, May 22, 2016 at 5:16 PM, RJT  wrote:
>  `certutil -L -d sql:${HOME}/.pki/nssdb`

That lists the names, then you can dump the details:
 `certutil -L -d sql:${HOME}/.pki/nssdb -n `
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: [ANNOUNCE] NSS 3.24 Release

2016-05-23 Thread Martin Thomson

On Mon, May 23, 2016 at 1:55 AM, Trick, Daniel
 wrote:
> make BUILD_OPT=1


Try: make BUILD_OPT=1 nss_build_all

You have to build NSPR first, and this does that for you.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: The certificate/key database is in an old, unsupported format.

2016-05-23 Thread RJT

On Wednesday, October 14, 2015 at 5:24:43 AM UTC-5, Graham Leggett wrote:
> Hi all,
> 
> During a recent Firefox upgrade, all my digital certificates and keys 
> vanished (as well as all saved passwords, but that is a separate problem).
> 
> The cert8.db and key3.db files are still there, however I am struggling to 
> find a version of certutil that can read them. Using certutil from v3.14.3 
> (as provided by macports) I get the following:
> 
> Little-Net:tmp minfrin$ nss-certutil -L -d .
> nss-certutil: function failed: The certificate/key database is in an old, 
> unsupported format.
> 

Try prefixing with sql:
 nss-certutil -L -d sql:${HOME}/.pki/nssdb

On a new CentOS 7 Linux machine, the same error occurs using certutil without 
indicating it is a database with the 'sql' prefix.  The database is actually in 
a newer format.  The "database" switched from flat files to Berkeley DB to 
sqllite, so sql: is needed.  i am guessing 
the same error happens on the Mac, but i thought some distributions were making 
the new way, the default way.  Believe the switch to sqllite occurred with 
3.12.  Do not forget `man nss-certutil` and `man certutil`, it has examples.

https://wiki.mozilla.org/NSS:Roadmap#SQLite-Based_Shareable_Certificate_and_Key_Databases

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: [ANNOUNCE] NSS 3.24 Release

2016-05-23 Thread Trick, Daniel

Hello.

I'm trying to build latest NSS. Following the Wiki instructions I do:

> |hg clone https://hg.mozilla.org/projects/nspr hg clone
> https://hg.mozilla.org/projects/nss cd nss make BUILD_OPT=1 |


Result is:

> make[2]: Entering directory `/c/Scratchpad/NSS/nss/lib/util'
> cl -FoWIN954.0_OPT.OBJ/quickder.obj -c -O2 -MD -w44267 -w44244 -w44018
> -w44312 -FS -arch:IA32 -W3 -nologo -D_CRT_SECURE_NO_WARNINGS
> -D_CRT_NONSTDC_NO_
> WARNINGS -WX -DXP_PC -UDEBUG -DNDEBUG -DWIN32 -D_X86_ -D_WINDOWS
> -DWIN95 -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT
> -DSSL_DISABLE_
> DEPRECATED_CIPHER_SUITE_NAMES -I../../../dist/WIN954.0_OPT.OBJ/include
> -I../../../dist/public/nss -I../../../dist/private/nss 
> "/c/Scratchpad/NSS/nss/
> lib/util/quickder.c"
> quickder.c
> c:\scratchpad\nss\nss\lib\util\secasn1.h(15) : fatal error C1083:
> Cannot open include file: 'plarena.h': No such file or directory
> make[2]: *** [WIN954.0_OPT.OBJ/quickder.obj] Error 2
> make[2]: Leaving directory `/c/Scratchpad/NSS/nss/lib/util'
> make[1]: *** [libs] Error 2
> make[1]: Leaving directory `/c/Scratchpad/NSS/nss/lib'
> make: *** [libs] Error 2

Is this a bug or am I missing something?

(I am using Windows 7, Moz-Build Version is 2.2.0)

Thank you!

Regards,
Daniel


-- 
Daniel Trick, Fraunhofer SIT
Cloud Computing, Identity & Privacy (CIP)
Rheinstr. 75, 64295 Darmstadt, Germany
Tel +49 6151 869-303

mailto:daniel.tr...@sit.fraunhofer.de
http://www.sit.fraunhofer.de/

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: [ANNOUNCE] NSS 3.24 Release

Re: [ANNOUNCE] NSS 3.24 Release

RE: [ANNOUNCE] NSS 3.24 Release

Re: How to get details of certificate?

Re: [ANNOUNCE] NSS 3.24 Release

Re: The certificate/key database is in an old, unsupported format.

Re: [ANNOUNCE] NSS 3.24 Release

7 matches

Site Navigation

Mail list logo

Footer information