Nelson B Bolyard wrote:
On 2009-10-22 07:59 PDT, Neil wrote:
Neil wrote:
Neil wrote:
I also notice that checkPassword(""); logs out if there was a password. Can
this behaviour be relied on, or should I call logoutSimple() too?
To answer my own question, n
Neil wrote:
Neil wrote:
I also notice that checkPassword(""); logs out if there was a
password. Can this behaviour be relied on, or should I call
logoutSimple() too?
To answer my own question, nsPK11Token::CheckPassword calls
PK11_CheckUserPassword which is documented as logg
Neil wrote:
I also notice that checkPassword(""); logs out if there was a
password. Can this behaviour be relied on, or should I call
logoutSimple() too?
To answer my own question, nsPK11Token::CheckPassword calls
PK11_CheckUserPassword which is documented as logging out if the
p
Neil wrote:
Robert Relyea wrote:
On 10/15/2009 02:39 AM, Neil wrote:
Robert Relyea wrote:
If you have no master password set, you have a token that doesn't
have 'need login' set in it. NSS will treat such a token as "always
logged in". No matter how many times y
Robert Relyea wrote:
On 10/15/2009 02:39 AM, Neil wrote:
Robert Relyea wrote:
If you have no master password set, you have a token that doesn't have 'need login' set
in it. NSS will treat such a token as "always logged in". No matter how many
times you log out
Robert Relyea wrote:
If you have no master password set, you have a token that doesn't have 'need login' set
in it. NSS will treat such a token as "always logged in". No matter how many
times you log out, the token and it's keys are still available.
What exactly are you seeing?
What I'm se
Nelson B Bolyard wrote:
By the way, I REALLY REALLY wish that the password manager would use that when
you click the button to reveal the passwords, instead of doing what it does
now, which forces you to re-enter the master password, even if you've JUST
entered it.
I think this is a holdov
Honza Bambas wrote:
http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsPK11TokenDB.cpp#429
Says if there is need for a password when logging in.
Actually the case I want to distinguish is "logged in with a password"
versus "no password" (I don't care what the API return
Honza Bambas wrote:
Neil wrote:
Nelson Bolyard wrote:
I'll add these thoughts. I don't know of any way to "log in" to a
token that has no password. IINM, such a token just "comes up" in a
state that is similar to being already logged in. It's no
Nelson Bolyard wrote:
I'll add these thoughts. I don't know of any way to "log in" to a token that has no
password. IINM, such a token just "comes up" in a state that is similar to being already
logged in. It's not surprising to me that forcefully logging it out leaves it in a state where i
API to log in when there is no password
c) there's a bug in PSM and/or NSS?
Thanks,
Neil.
--
Warning: May contain traces of nuts.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Nelson Bolyard wrote:
NSS certainly supports AES. NSS offers a C API.
PSM is the primary provider of XPCOM wrappers for NSS. I'm not aware of what
raw symmetric encryption capabilities PSM offers to the users of its XPCOM
interfaces. Sadly, few PSM developers hang out here.
For those won
Polly wrote:
Neil wrote:
Polly wrote:
Tom, you asked what third party DLLs I'm using -- it's the openssl DLLs
ssleay32.dll and libeay32.dll.
One possible alternative might be to rewrite your code to use NSS?
Thanks for the suggestion. As it happens, my require
Some users of SeaMonkey 2.0b1 who have migrated from SeaMonkey 1.1.17
have been complaining that the resulting profile claims to have a master
password. As I understand it, NSS uses the key3.db to tell whether or
not a master password exists, and we do nothing more than copy the file
during mig
Nelson Bolyard wrote:
Neil, if your code to do this is in a patch or checked in somewhere, a pointer
to that code would be appreciated.
I was going to email you a diff, but it turns out that there's an error
in my methodology and I wasn't catching people misusing
Nelson Bolyard wrote:
Benjamin Smedberg wrote, On 2009-03-31 08:35:
In the other cases, we should just fix the bug, which is (I think) why Neil
posted originally.
I wish him Godspeed in fixing (or even filing) those bugs.
I filed bugs 486404/5 yesterday, and have a possible patch
Nelson Bolyard wrote:
If you have public redistributable header files that declare the MSVCRT memory
guards, please send a pointer to them. Thanks.
I can't actually find the documentation I originally read about it; this
is the nearest that I get from a search:
http://msdn.microsoft.com/e
Nelson B Bolyard wrote:
The problem is in the way that Mozilla builds JEMalloc for FF on Windows. They
build a replacement for the Microsoft C RunTime Library.
Ah, but I'm hoping that any solution that they manage to implement for
the Mac will be portable to VC Express, since it will only rep
Nelson B Bolyard wrote:
Neil wrote, On 2009-03-29 17:01:
Firefox may want to switch to using the jemalloc allocator on the Mac.
Well, I hope it won't mean for the Mac what it has meant on Windows.
On Windows, the JEMalloc code can ONLY be built with the non-free
"pr
Firefox may want to switch to using the jemalloc allocator on the Mac.
As I understand it, this is tricky because you can't globally replace
malloc/free. While in theory it would be possible to replace NS_Free
and/or PR_Free, this runs into problems when the code doesn't match its
allocators. I
Kai Engert wrote:
> It will also mean that at runtime, each time the browser verifies a
> web site cert, we'll have to query two preferences instead of just one
> (see implementation of and callers to function GetIsOcspOn).
Ah, I had overlooked that version; I thought it was all done via the
p
Bug 110161 turned on OCSP by default. It also followed this up by
changing the UI from a group of three radio buttons to a checkbox and a
pair of radiobuttons. However these three controls fight over the same
preference. This makes for some hairy preference code, but also I
noticed that if you
Nelson Bolyard wrote:
>I'd like to get a dependency tools for Windows again. I guess there's one as
>part of Mozilla, but I don't want to have to build the whole browser to get a
>dependency tool.
>
>
While the Mozilla build system can build its own, I'm not sure NSS is up
to the task, speci
Wan-Teh Chang wrote:
>On Sun, Feb 24, 2008 at 3:15 AM, Neil <[EMAIL PROTECTED]> wrote:
>
>
>>Even in depend builds, Mozilla's root makefile still automatically blows away
>>all of dist/include to avoid such problems... do dist/public and dist/private
>
Wan-Teh Chang wrote:
>I'm not sure if it's still worth implementing the real fix now -- it is easier
>to ask the affected people to blow away their dist/public/nss directory in
>their build trees.
>
>
Even in depend builds, Mozilla's root makefile still automatically blows
away all of dist/in
Nelson Bolyard wrote:
>Neil, here's what I find strange about all this.
>
>The code you cite builds and runs, without error, continuously, on a whole
>bunch of tinderbox systems
>
That's because a number of factors are required to trigger this "bug":
1. The
Neil wrote:
> I've got the real one in dist/private/nss and an outdated one in
> dist/public/nss
Looks like tpol is suffering from the same problem, but nobody noticed
since KaiRo is away attending FOSDEM:
http://tinderbox.mozilla.org/showbuilds.cgi?tree=SeaMonkey-Ports&max
Neil wrote:
> pkixt.h contains
>
> typedef struct PKIX_PL_OcspCertIDStruct PKIX_PL_OcspCertID;
... but that depends on which pkixt.h you look at! I've got the real one
in dist/private/nss and an outdated one in dist/public/nss...
Note that the root makefile explicitly removes d
Nelson Bolyard wrote:
>In any case, I'd guess the right "fix" is for pkix_pl_oscpcertid.h to include
>pkixt.h, since it depends on types defined there.
>
>
The build still didn't succeed. This is also now with a normal MSYS
VC7.1 SeaMonkey build, which produces this (partial) output:
make[6]:
Wan-Teh Chang wrote:
>Can you try adding a forward declaration to pkixt.h
>struct PKIX_PL_OcspCertIDStruct;
>before that typedef?
>
>
Sorry, that seems to make no difference.
--
Warning: May contain traces of nuts.
___
dev-tech-crypto mailing list
de
a missing import.
Nelson Bolyard wrote:
>Neil wrote, On 2008-02-22 17:05:
>
>>On second thoughts the problem seems to be that someone is including
>>pkix_pl_oscpcertid.h before pkixt.h
>>
>>
>Doesn't the compiler name the .c file that
Neil wrote:
> Wan-Teh Chang wrote:
>
>> On Fri, Feb 22, 2008 at 4:35 PM, Neil <[EMAIL PROTECTED]> wrote:
>>
>>> pkix_pl_oscpcertid.h contains:
>>>
>>> struct PKIX_PL_OcspCertIDStruct {
>>>CERTOCSPCertID *certID;
>>>
Wan-Teh Chang wrote:
>On Fri, Feb 22, 2008 at 4:35 PM, Neil <[EMAIL PROTECTED]> wrote:
>
>
>>pkix_pl_oscpcertid.h contains:
>>
>> struct PKIX_PL_OcspCertIDStruct {
>>CERTOCSPCertID *certID;
>>PRBool certIDWasConsumed;
>> };
pkix_pl_oscpcertid.h contains:
struct PKIX_PL_OcspCertIDStruct {
CERTOCSPCertID *certID;
PRBool certIDWasConsumed;
};
/* see source file for function documentation */
PKIX_Error *pkix_pl_OcspCertID_RegisterSelf(void *plContext);
PKIX_Error *
PKIX_PL_OcspCertID_Create(
PK
Nelson Bolyard wrote:
> That user cert you created doesn't have an email address in it.
Sorry, my bad; I couldn't cut and paste and I overlooked the
[EMAIL PROTECTED], in the command line for the email cert.
> I suggest you try both (in separate certs).
They both seem to work, but I like the c
Here is what I got to work, loosely based on instructions from Kai Engert:
cvs -d :pserver:[EMAIL PROTECTED]/cvsroot co mozilla/nsprpub
mozilla/security/nss mozilla/security/coreconf mozilla/security/dbm mozilla/dbm
make -C mozilla/security/nss nss_build_all
Then, in the profile directory run th
Nelson B Bolyard wrote:
>Neil wrote, On 2008-02-20 16:33:
>
>
>>It seems that building SeaMonkey will include certutil
>>
>>
>Do SM builds build all the NSS commands? That seems like a big waste.
>
>
Sorry, I hadn't looked closely enough, I s
ofile
(with the test email address [EMAIL PROTECTED])!
Thanks in advance,
Neil.
--
Warning: May contain traces of nuts.
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Wan-Teh Chang wrote:
You'll see that the Mozilla developers override these make variables
used by the NSS coreconf build system when cross-compiling NSS:
199 ifdef CROSS_COMPILE
200 DEFAULT_GMAKE_FLAGS += \
201 NSINSTALL="$(NSINSTALL)" \
202 NATIVE_CC="$(HOST_CC)" \
203
Wan-Teh Chang wrote:
NSS uses LD on Unix (including Linux and Mac OS X), and LINK on
Windows, to refer to the linker.
It also uses $LINK_DLL on Windows and $MKSHLIB everywhere else. How
inconsistent :-(
--
Warning: May contain traces of nuts.
___
Nelson Bolyard wrote:
Neil wrote:
Nelson B wrote:
I suggest that you first try to get NSS to build for you in its stand-alone
configuration, using only NSS's makefiles and not any of the other mozilla
products' makefiles.
Where would this be documented, with specific
Wan-Teh Chang wrote:
None of the NSS developers cross-compiles NSS. (The closest thing we
do to cross-compilation is to build the Windows CE binaries on Windows
2000/XP.) So we're not familiar with how the Mozilla developers
cross-compile NSS.
I don't think many Mozilla developers cross-co
Nelson B wrote:
I suggest that you first try to get NSS to build for you in its
stand-alone configuration, using only NSS's makefiles and not any of
the other mozilla products' makefiles.
Where would this be documented, with specific reference to cross
compilation?
--
Warning: May contain
Myself using Interix and "Mook" using Wine have both tried to
cross-compile Mozilla using MSVC as a cross compiler. Generally I would
like to think that NSS has been the easiest part to cross compile, but
here are the issues we ran into:
1. Because we're not using GCC or MSYS, rules.mk tries
Steve Mitchell wrote:
It is confusing deploying JSS on Windows XP. The library jss4.dll depends
on libnspr4.dll, not nspr4.dll as is installed with Firefox. Other
dependent libraries such as nss3.dll depend on nspr4.dll. Should I copy and
rename nspr4.dll to libnspr4.dll, or are these suppos
I'll be looking into this problem. At first glance at the code I noticed
a comment which says "this code still has some problems reading PKCS12
file generated with Communicator". Is your PFX file one of these? There
some comments in the pk12 code that mention problems with old
implementations.
46 matches
Mail list logo
