Re: Unknown Error -8016

2016-03-30 Thread David Keeler
-8016 is SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED (see https://dxr.mozilla.org/mozilla-central/rev/d5d53a3b4e50b94cdf85d20690526e5a00d5b63e/security/nss/lib/util/secerr.h#207 ). Cheers, David On 03/30/2016 12:49 PM, Nicholas Mainardi wrote: > Hello, > > I am parsing and validating a sample

Re: How to programmatically "Add Exception" on "Servers" tab in Certificate Manager.

2015-09-15 Thread David Keeler
Not with certutil, but you can use nsICertOverrideService in an addon: https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsICertOverrideService.idl#52 Or you could directly alter the "cert_override.txt" file in the profile directory:

Re: sec_error_unknown_issuer

2015-09-11 Thread David Keeler
eb4be86b427d ", but currently is not. > > This bug should be investigated by someone working on mozpkix such as > David Keeler. > > I downloaded and imported the CA certificate that Frederik Braun > named. (It is a cross-certification certificate of "WellsSecur

new PSM peer

2015-07-10 Thread David Keeler
Hello all, Please join me in congratulating our newest PSM module peer, Cykesiopka, who has been doing an outstanding job of contributing to the project. Cheers, David Keeler

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2015-07-07 Thread David Keeler
Please file a new bug here: https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Security%3A%20PSM It would be helpful if you attached the certificate the device is sending. On 07/01/2015 08:15 AM, pavel.shlyon...@gmail.com wrote: Hello guys. Just updated firmware in my Sonicwall

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2015-03-03 Thread David Keeler
my.rutgers.edu only offers a single cipher suite (TLS_RSA_WITH_RC4_128_SHA) and is TLS 1.1/1.2 intolerant [0]. We essentially disabled RC4 and insecure fallback to TLS 1.0 by default, which is why you're unable to connect with recent (i.e. pre-release) versions of Firefox. I filed bug 1139065 [1]

Re: Client auth only sending client certificate, not sending intermediate CA certificates

2015-03-03 Thread David Keeler
If this was working before and stopped working, then it sounds like a bug. I would file one against NSS: https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=Libraries (as far as I can tell, Firefox registers a callback that NSS calls to get a certificate and private key; NSS determines

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-15 Thread David Keeler
Hi Julien, Currently there is no way to override that behavior. We're working on improving the situation in bug 1009161. See also bug 1054368 regarding a way to view the certificate for non-overridable errors. If you can get in touch with whoever administers the internal certificates, I would

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-04 Thread David Keeler
On 08/02/2014 08:39 AM, colinhogg...@gmail.com wrote: Since the latest update 3 days ago I have been unable to log in to any of my Netgear equipment using Firefox. I get the error: (Error code: sec_error_extension_value_invalid. I can access my equipment using Explorer so I can only

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-07-25 Thread David Keeler
Hi Jugal, For issues with mozilla::pkix, the following might be helpful: https://wiki.mozilla.org/SecurityEngineering/mozpkix-testing#Behavior_Changes If that doesn't resolve the issue, please file a bug here:

Re: Intent to unimplement: proprietary window.crypto functions/properties

2014-06-27 Thread David Keeler
On 06/27/2014 05:11 AM, Jürgen Brauckmann wrote: David Keeler wrote: Meanwhile, we are making progress on implementing the webcrypto specification[3]. When complete, webcrypto should provide compatible functionality for what these functions are currently being used to do. Any functionality

Re: Intent to unimplement: proprietary window.crypto functions/properties

2014-06-27 Thread David Keeler
On 06/27/2014 07:37 AM, Nathan Kinder wrote: On 06/27/2014 12:13 AM, Frederik Braun wrote: To be frank, I have only ever seen the non-standard crypto functions used in attacks, rather than in purposeful use. That doesn't mean that they aren't being purposefully used. The current crypto

Intent to unimplement: proprietary window.crypto functions/properties

2014-06-26 Thread David Keeler
[dev.platform cc'd for visibility - please follow-up to dev.tech.crypto] Summary: We intend to remove the proprietary window.crypto functions and properties. See https://developer.mozilla.org/en-US/docs/JavaScript_crypto for what will be affected by this change. Our reasoning is as follows: These

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-04-28 Thread David Keeler
On 04/26/2014 01:44 AM, Erwann Abalea wrote: Took a quick look at the code, it looks like KU/EKU checks are ok, BasicConstraints checks are weirdly done, NameConstraints checks are hard to follow, CertificatePolicies checks are a joke. I now notice that I didn't see date checks (I may have

Re: OCSP stapling problems

2014-03-14 Thread David Keeler
On 03/14/14 07:18, Hanno Böck wrote: However, I'd really like to stress again that I'd find it a very worrying signal if this issue will stay unfixed for three more major firefox versions to come. I'm pretty sure if at some point we want to get

Re: how to make firefox replace a certificate on import ?

2013-11-11 Thread David Keeler
As I understand it, certificates in NSS are considered the same if they have the same serial number and issuer. When importing a certificate, NSS checks if it already has a certificate with the same serial number and issuer. If it does but they're not actually identical (e.g. if they have

x509 certificate signature algorithm question

2009-08-19 Thread David Keeler
Hello, I have a question that should be pretty simple to answer, but I haven't been able to do so on my own. Is there a (or rather, what is the) difference between having an x509 (ssl) certificate with a signature algorithm of rsa encryption versus sha1 with rsa encryption? (Is it that the