Re: build nss

On Tue, Aug 5, 2008 at 2:34 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > > See the current draft at > The build-time environment variables should be moved to http://developer.mozill

NSS documentation guidance request

Hi all, I need help finding a document(s) to help me understand cross certification and path building/chaining in the NSS world. I'm currently working on a project where I'd like to come up with the right recipe to build a cross certified CA with ubiquitous API support. Thus far we have satisfie

Re: Creating detached PKCS#7 signature with cmsutil

Michael Ströder wrote, On 2008-08-05 15:44: > Michael Ströder wrote: >> I also tried signver but this hangs: >> >> signver -V -v -d ~/.mozilla/xxx/ -i name.tar.gz -s name.tar.gz.p7m >> >> strace output of hanging signver: >> >> - snip - >> open("n

Re: Creating detached PKCS#7 signature with cmsutil

Michael Ströder wrote, On 2008-08-05 06:09: > HI! > > I'd like to generate and verify a detached signature (in a separate > file) with a key from my Seamonkey profile. Is this approach with > cmsutil ok (single command-line wrapped here)? > > cmsutil -S -d ~/.mozilla/xxx/ -N "cert nickname"

Re: build nss

On Aug 5, 4:04 pm, brieweb <[EMAIL PROTECTED]> wrote: > On Aug 5, 2:03 pm, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > > > > > brian wrote, On 2008-08-05 12:33 PDT: > > > > I downloaded nss-3.12-with-nspr-4.7.tar.gz and now I am wondering how > > > to build it. I am working on an Ubuntu system wi

Re: build nss

On Aug 5, 2:03 pm, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > brian wrote, On 2008-08-05 12:33 PDT: > > > I downloaded nss-3.12-with-nspr-4.7.tar.gz and now I am wondering how > > to build it. I am working on an Ubuntu system with most developer > > tools installed. Is there a configure script s

Re: Creating detached PKCS#7 signature with cmsutil

Michael Ströder wrote: > I also tried signver but this hangs: > > signver -V -v -d ~/.mozilla/xxx/ -i name.tar.gz -s name.tar.gz.p7m > > strace output of hanging signver: > > - snip - > open("name.tar.gz", O_RDONLY|O_LARGEFILE) = 5 > open("name

Re: Creating detached PKCS#7 signature with cmsutil

Michael Ströder wrote: > > I'd like to generate and verify a detached signature (in a separate > file) with a key from my Seamonkey profile. Is this approach with > cmsutil ok (single command-line wrapped here)? > > cmsutil -S -d ~/.mozilla/xxx/ -N "cert nickname" -G -H SHA1 -T -i > name.t

Re: build nss

I wrote, On 2008-08-05 14:03 PDT: > You'll find some somewhat dated build instructions at > > > If you ignore the part about checking out with certain CVS tags (since > you already have the sources), the instructi

Re: build nss

brian wrote, On 2008-08-05 12:33 PDT: > I downloaded nss-3.12-with-nspr-4.7.tar.gz and now I am wondering how > to build it. I am working on an Ubuntu system with most developer > tools installed. Is there a configure script somewhere, or do I need > to do something different? You'll find some som

Re: Where are the binaries for nss 3.12 and nspr 4.7.1?

dky wrote, On 2008-08-05 06:44: > On Jun 24, 11:03 pm, Glen Beasley <[EMAIL PROTECTED]> wrote: >> hi, >> >> cannot you not just build thebinariesyourself? >> >> http://www.mozilla.org/projects/security/pki/nss/nss-3.12/nss-3.12-re... >> http://www.mozilla.org/projects/security/pki/nss/nss-3.11.4/ns

Re: Where are the binaries for nss 3.12 and nspr 4.7.1?

I wrote: > Find nsinstall.exe in > > It's the only file you should need from that distribution. Better yet, get it from

Re: Comodo ECC CA inclusion/EV request

Robin Alden: > f) refers to an SSL product which is limited in such a way that it isn't > generally usable on the public internet. We offer no warranty on the > product, and the main part of the domain validation is to ensure that the > domain name in the certificate is not a valid internet name o

build nss

I downloaded nss-3.12-with-nspr-4.7.tar.gz and now I am wondering how to build it. I am working on an Ubuntu system with most developer tools installed. Is there a configure script somewhere, or do I need to do something different? brian ___ dev-tech-cry

Re: Comodo ECC CA inclusion/EV request

Frank Hecker: > Eddy Nigg wrote: >> As per your comment in >> https://bugzilla.mozilla.org/show_bug.cgi?id=421946#c17 you state that >> no problematic >> practices associated with this CA, but I found that in section 2.4.1 >> domain validated wild cards are issued, which is listed in >> http://

Re: Comodo ECC CA inclusion/EV request

Robin Alden: > f) refers to an SSL product which is limited in such a way that it isn't > generally usable on the public internet. We offer no warranty on the > product, and the main part of the domain validation is to ensure that the > domain name in the certificate is not a valid internet name o

Re: NSS PKCS#11 and CAPI

Subrata Mazumdar wrote: Hi Bob, I can neither generate key-pair nor use the private key to sign either a PKCS#10 CSR or another Cert. I remembered that I had that working at one point, but it may have attropied... It may actually be an issue in the NSS wrapper rather than the CAPI pkcs

Re: Problem with Content-type:application/x-x509-user-cert

Nelson B Bolyard wrote: [EMAIL PROTECTED] wrote, On 2008-08-04 23:23: I found this mime type(Content-type:application/x-x509-user-cert) is used for firefox 1.5. It just not have popup windows for notification. Is there any version of Firefox where it DOES have a dialog? I believe t

Re: Comodo ECC CA inclusion/EV request

Eddy Nigg wrote: > As per your comment in > https://bugzilla.mozilla.org/show_bug.cgi?id=421946#c17 you state that > no problematic > practices associated with this CA, but I found that in section 2.4.1 > domain validated wild cards are issued, which is listed in > http://wiki.mozilla.org/CA:Pr

Re: Where are the binaries for nss 3.12 and nspr 4.7.1?

On Jun 24, 11:03 pm, Glen Beasley <[EMAIL PROTECTED]> wrote: > hi, > > cannot you not just build thebinariesyourself? > > http://www.mozilla.org/projects/security/pki/nss/nss-3.12/nss-3.12-re...http://www.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11 > > cvs co -r NSPR_4_7_1_RTM moz

Creating detached PKCS#7 signature with cmsutil

HI! I'd like to generate and verify a detached signature (in a separate file) with a key from my Seamonkey profile. Is this approach with cmsutil ok (single command-line wrapped here)? cmsutil -S -d ~/.mozilla/xxx/ -N "cert nickname" -G -H SHA1 -T -i name.tar.gz -o name.tar.gz.p7m From m

RE: Comodo ECC CA inclusion/EV request

Robin Alden wrote:- > Eddy Nigg wrote:- > > Oh and f) is also interesting ;-), I wonder how many > > "localhost" certificates were issued so far... > [Robin said...] > Not many! We do issue quite a number for organizations to use internally > on > other names, though. > E.g. if we have a server on

Re: Problem with Content-type:application/x-x509-user-cert

[EMAIL PROTECTED] wrote, On 2008-08-04 23:23: > I found this mime type(Content-type:application/x-x509-user-cert) is > used for firefox 1.5. > It just not have popup windows for notification. Is there any version of Firefox where it DOES have a dialog? > The user certificate can be imported into

RE: Comodo ECC CA inclusion/EV request

Eddy Nigg wrote:- > (to Frank Hecker) > As per your comment in > https://bugzilla.mozilla.org/show_bug.cgi?id=421946#c17 you > state that no problematic practices associated with this CA, > but I found that in section 2.4.1 domain validated wild cards > are issued, which is listed in > http://wiki.