NSS_SetDomesticPolicy() return 12266

2006-09-29 Thread Alex
Hello, I wrote a program like this: PRInt32 mod_ssl_startup(char *dbdir, PRInt32 clearCert) { char *dbpath=NULL; char *certfile=NULL; PRErrorCode ercode; SECStatus rv; PK11SlotInfo *slot=NULL; .. rv = NSS_InitReadWrite(dbpath); rv = NSS_SetDomesticPolicy(); if(rv!=SECSuccess) {

Re: CA serial number clarification. Re: Mozilla's use of AIA caIssuers URIs

2006-09-29 Thread Kyle Hamilton
The trust anchor (i.e., the root CA) authenticates itself, as well as the certificates it issues to other entities. A better diagram and way of looking at it would be thus: anchor (.) <- trust level / \ root subca <- authentication level / \ subsubCA endentity It's

Re: Updated build instructions / release notes

2006-09-29 Thread [EMAIL PROTECTED]
Wan-Teh Chang wrote: > [EMAIL PROTECTED] wrote: > > NSS 3.11 is the most recent version is it not? Are there updated > > release notes / build instructions somewhere? > > The most recent version of NSS is NSS 3.11.3. It should be > used with NSPR 4.6.3. The CVS tags are NSS_3_11_3_RTM and > NSPR_

Re: question about gathering data in SSL

2006-09-29 Thread Peter Djalaliev
Nelson, Thanks for the great reply! This gives me a much better idea of the behavior of the code :) I erroneously assumed the connection between SECWouldBlock and PR_WOULD_BLOCK_ERROR (I read the notes.txt file a while ago...). Also, a function in the NSS code would in some cases check if a ret

Re: NSS_SetDomesticPolicy() return 12266

2006-09-29 Thread Julien Pierre
Alex, Alex wrote: Hello, I wrote a program like this: PRInt32 mod_ssl_startup(char *dbdir, PRInt32 clearCert) { char *dbpath=NULL; char *certfile=NULL; PRErrorCode ercode; SECStatus rv; PK11SlotInfo *slot=NULL; .. rv = NSS_InitReadWrite(dbpath); rv = NSS_SetDomesticPolicy(); i

Re: NSS_SetDomesticPolicy() return 12266

2006-09-29 Thread Peter Djalaliev
Alex, I think this basically means that NSS_SetDomesticPolicy() or NSS_SetExportPolicy() is trying to flag an unimplemented cipher as SSL_ALLOWED. You shouldn't be getting this error because the table in sslsock.c that NSS_SetDomesticPolicy() / NSS_SetExportPolicy() get all ciphers from contains

Re: Thanks for suggestions

2006-09-29 Thread Alex
My NSS version is 3.10. Because of I did some modifications on nss. I try to add a new cipher to nss, but obviously i made some mistakes. I don't know what's wrong. How to avoid that error? I list my modifications here. Do I miss anything? ---

Re: NSS_SetDomesticPolicy() return 12266

2006-09-29 Thread Alex
> Alex, > > I think this basically means that NSS_SetDomesticPolicy() or > NSS_SetExportPolicy() is trying to flag an unimplemented cipher as > SSL_ALLOWED. You shouldn't be getting this error because the table in > sslsock.c that NSS_SetDomesticPolicy() / NSS_SetExportPolicy() get all > ciphers f