a-build/msys' part is the problem. Can you run the command
'env' to print your environment variables, and see which one contains
'C:/mozilla-build/msys'?
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
n() call of libfreebl3.so
failed because it could not find libfreebl3.so. I suggest you
investigate in that direction.
By the way, are you using a MIPS development board such as Creator
Ci20 that I can easily buy to reproduce your problem?
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Wed, Feb 10, 2016 at 11:50 PM, WebDoctor wrote:
> Hi,
>
> I'm working in a Firefox extension that will use some cryptographic
> operations.
>
> The problem I found is that when I sign data using the private key in the
> server-side, I couldn't find any appropriate function in NSS to do public
On Tue, Dec 1, 2015 at 8:55 AM, Julien Vehent wrote:
>
> AES-NI is fast enough that we shouldn't have to care:
>
> $ openssl speed -evp aes-256-gcm
> type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes
> aes-256-gcm 385250.93k 983154.24k 2011460.35k 2620519.76k 3
On Mon, Dec 8, 2014 at 8:28 PM, sachin gupta wrote:
> What would be best version of NSS to support TLS 1.2 in flash, noticing that
> TLS 1.2 support was first introduced in version 3.15.1 of NSS ??
In general, use the latest version of NSS. The latest NSS release is 3.17.3:
https://developer.moz
On Mon, Oct 7, 2013 at 12:02 PM, Brian Smith wrote:
>
> If you are referring to something other than the TLS_*_SHA256 cipher
> suites, please be more specific as to what you are referring to.
Brian,
If you can enable TLS 1.2 by default in Firefox, that should make
Mountie happy. Besides the HMAC
On Mon, Oct 7, 2013 at 11:17 AM, Brian Smith wrote:
>
> I think it is likely that some vendors of NSS-based products with very
> conservative backward-compatibility guarantees, like Oracle and maybe
> Red Hat, may need to continue supporting SSL 2.0 in their products due
> to promises that they've
On Thu, Sep 5, 2013 at 9:42 AM, Elio Maldonado Batiz
wrote:
>
> If you have a mozilla-bugzilla account please log a bug. If not then one of
> us could do it on your behalf.
Milan already filed a bug report for his doxygen patch:
https://bugzilla.mozilla.org/show_bug.cgi?id=912360
Wan-
On Fri, Aug 16, 2013 at 3:36 PM, Rob Stradling wrote:
>
> Wan-Teh, why do you think Firefox should specify a preference for ECDSA over
> RSA?
Because ECDSA is more secure than RSA, and ECC implementations will
become faster over time.
The ordering of RSA and ECDSA is really a "symbolic gesture"
On Fri, Aug 16, 2013 at 11:13 AM, Camilo Viecco wrote:
> Hello Brian
>
> I think this proposal has 3 sections.
> 1. Unifing SSL behavior on browsers.
> 2. Altering the criteria for cipher suite selection in Firefox (actually
> NSS)
> 3. removing certain cipher suites from the default firefox ciphe
ake messages.
If you are using the NSS_SURVIVE_DOUBLE_BYPASS_FAILURE build option,
please let me know. If you call SSL_CanBypass before enabling the PKCS
#11 bypass mode, you should not need the
NSS_SURVIVE_DOUBLE_BYPASS_FAILURE build option.
Thanks,
Wan-Teh Chang
--
dev-tech-crypto mailing list
On Mon, Jun 10, 2013 at 3:43 PM, Robert Relyea wrote:
>
> Yeah, you need to use the new assembler on RHEL-5:
>
> As root:
> yum install binutils220
>
> As user:
> export PATH=/usr/libexec/binutils220:$PATH
>
> Then do you your build.
Bob, could you add the above to the NSS build instructions page
Kai,
Thank you for creating the NSPR 4.10 and NSS 3.15 releases.
I have just announced the NSPR 4.10 release in the NSPR newsgroup:
http://mozilla.6506.n7.nabble.com/ANNOUNCE-NSPR-4-10-Release-tc280660.html
http://permalink.gmane.org/gmane.comp.mozilla.devel.nspr/1698
https://groups.google.com/fo
On Tue, May 21, 2013 at 12:11 AM, Ashwani Kadian
wrote:
> Hi All,
>
> In NSS 3.14.3 build process, shlibsign crashes while trying to sign
> "libsoftokn3.sl" on HP-UX 64 bit machine. It works fine on 32 bit HP-UX.
>
> mozilla/security/nss/cmd/shlibsign/HP-UXB.11.11_64_OPT.OBJ/shlibsign -v -i
> mo
Hi Tiago,
On Fri, Feb 15, 2013 at 11:34 AM, TIAGO ALVES wrote:
>
> I saw previous messages that reported build problems in the NSS - PKCS
> #11 Test Suites.
>
> I would like to know if those issues have already been addressed?
We never had the time to retrieve the source code of the missing tool
[NOTE: NSS 3.14.2 does not include a fix for the attacks described in
the paper "Lucky Thirteen: Breaking the TLS and DTLS Record Protocols"
(http://www.isg.rhul.ac.uk/tls/). An upcoming NSS patch release will
address the attacks.]
Network Security Services (NSS) 3.14.2 is a patch release for NSS
On Mon, Jan 28, 2013 at 4:34 AM, Kai Engert wrote:
>
> I commented on the patch for bug 834091 that you included in
> mozilla-central in the bug. It seems you are adding a new API to mozilla
> desktop that hasn't been fully reviewed nor checked in to NSS yet.
>
> https://bugzilla.mozilla.org/show_
On Thu, Jan 24, 2013 at 1:52 AM, Sergey Emantayev
wrote:
>
> For the reference, I'm attaching the back ported fix for the 3.12.5, with no
> warranties.
[...snipped]
> --- nss-3.12.5-orig/mozilla/security/nss/lib/ssl/sslimpl.h Tue Jan 15
> 16:40:47 2013
> +++ nss-3.12.5/mozilla/security/nss/
2012/11/27 Brian Teh :
>
> THUNDERBIRD_LDFLAGS = -L$(THUNDERBIRD_OBJDIR_PATH)/mozilla/dist/lib \
>-lxpcomglue_s\
>-lxpcom \
>-lmozalloc \
>-lnss\
>
On Wed, Oct 24, 2012 at 10:19 PM, Julien Pierre
wrote:
>
> The following changes may be problematic :
>
> 1) * New default cipher suites
>
> ( https://bugzilla.mozilla.org/show_bug.cgi?id=792681 )
>
> The default cipher suites in NSS 3.14 have been changed to better
> reflect the current security
On Tue, Oct 2, 2012 at 9:02 PM, Robert Relyea wrote:
>
> But we can use it go seed the prng. There's a pretty easy way to get NSS to
> use HW generated values to get some initial entropy: If you create a PKCS
> #11 module that advertises a RNG (See the PKCS #11 spec), NSS will mix
> entropy from i
On Tue, Oct 2, 2012 at 7:45 PM, Michael Demeter
wrote:
>
> Continuation would then be to eliminate any unnecessary work being
> done to increase the randomness..Since the HW generated values
> can be used directly. This could help a small little bit in performance
> (but that is a secondary effect
On Sat, Aug 11, 2012 at 5:37 AM, Gökçen Eraslan
wrote:
>
> When I traced the code I see that sec_pkcs7_create_signed_data call
> returns successfully but sec_pkcs7_add_signer fails.
>
> Trace is like that:
>
> sec_pkcs7_add_signer -> CERT_VerifyCertificate -> CERT_VerifyCertChain
> -> CERT_FindBa
On Thu, Jul 12, 2012 at 3:20 AM, Sam Laidler
wrote:
>
> I want to distribute NSS without the MS redistribution package. When I read
> the following,
> I got the impression that it should be theoretically possible:
>
> https://developer.mozilla.org/en/USE_STATIC_LIBS
That page describes the USE_S
Rob,
Please fix the bug in the "old" certificate verification library. Thanks.
Are you going to use the approach outlined by Nelson in bug 479508 and
bug 482153?
Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Mon, May 21, 2012 at 5:21 AM, Bernhard Thalmayr
wrote:
> Hi Wan-Teh, Nelson, could it be that this error is also raised by the client
> if the client can not 'participate' in ssl client-auth?
Yes, this is possible.
> Unfortunately I only got a text-output of 'ssldump', not sure if this is
> w
On Tue, May 8, 2012 at 7:33 PM, Nelson B Bolyard wrote:
>
> Bernhard,
> I think the most likely explanations are these:
>
> 1) Server certificate has a public key that is too small, too large, has a
> too small public exponent (if RSA), an unknown key type, or a key for an
> Elliptic Curve that is
On Mon, May 7, 2012 at 9:20 AM, Marc Patermann
wrote:
> Hi,
>
> I posted my issue on Thunderbird-Enterprise before and Ludovic Hirlimann
> sent me here.
>
> I created an own CA and put the cert in cert8.db by GUI in Thunderbird 10
> ESR.
> As far as I understand it, the way to go is to put the cor
od to the CryptoHmac interface, so
that we can implement the verify() method with constant time byte
comparison.
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Wed, Apr 4, 2012 at 4:39 PM, Brian Smith wrote:
>
> I don't know what platform JV is on, but I know on Mac OS X,
> all the internal symbols in FreeBL and maybe other libraries
> are exported. This is how the Firefox Sync developers got
> so far in developing their JavaScript implementation of J
On Wed, Apr 4, 2012 at 12:47 PM, Anders Rundgren
wrote:
>
> Mozilla should IMO rather hook into the
> other vendors cryptographic solution, possibly at the expense of NSS.
>
> According to a [colleage] of mine Chrome even use the platform's SSL
> implementation! Well, not in *NIX since there is n
ozilla.org/attachment.cgi?id=608587
Thanks to Rob Stradling of Comodo for reporting the bug and providing a
patch.
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Fri, Mar 9, 2012 at 9:56 AM, Brian Smith wrote:
>
> The second question is: Should we change the string in the display of the
> *root* certificate from "VeriSign, Inc." to "Norton."
Ideally this string should come from the certificate. The fundamental
purpose of a certificate is to bind a pu
On Thu, Jan 19, 2012 at 1:43 AM, Brian Smith wrote:
> HTTPbis seems to be in its final stages. Although it is supposed to be a
> somewhat minor revision, quite significant changes have been made to
> the spec. We should review the changes and make sure we provide our
> feedback before it is too la
On Wed, Jan 18, 2012 at 2:44 PM, Brian Smith wrote:
> Mike Hommey wrote:
>> Please note that this is going to be a problem on systems that have
>> system nspr and nss libraries that other system libraries use.
>
> I am intending to avoid changing how NSS is linked on Linux, at least at the
> begi
On Fri, Jan 13, 2012 at 7:38 AM, Stephen Hanna wrote:
> I'm having lunch today
> with Yassir Elley, who did most of the coding
> for the first version of libpkix. He works on
> the same team as I do now, at Juniper. We'll
> mull over this question and see if we can recall
> why we included those l
On Wed, Jan 4, 2012 at 3:51 PM, Brian Smith wrote:
>
> But, it is a little distressing that Google Chrome seems to avoid libpkix
> whenever possible, ...
This is not true. In fact, Google Chrome is an early adopter of libpkix,
and works very hard to fix or work around the bugs in libpkix. (Goog
On Tue, Oct 18, 2011 at 2:41 PM, Brian Smith wrote:
> Will we release a special update to NSS 3.13 to fix the regression bug
> 693228, or will we wait until the next release?
NSS 3.13.1 will be that special update to NSS 3.13 to fix bug 693228
and any other regressions we know of.
Wan-Teh
--
d
On Mon, Oct 17, 2011 at 1:11 AM, Gen Kanai wrote:
>
>> 4. Ported to iOS. (Requires NSPR 4.9.)
> Hi Wan-Teh,
>
> Thank you for this notice.
>
> I'm more just curious but do we know of any publicly software shipping
> for iOS that uses NSS 3.13?
I don't know of any. FYI, here is the bug:
https://b
On Fri, Oct 14, 2011 at 10:14 AM, Elio Maldonado wrote:
> Hi all,
>
> NSS is listed as its own project and as a rung 1 project at
> http://scan.coverity.com/rung1.html
> if I understand correctly means there is an official contact for nss.
>
> I need to see the results of the nss coverity scans fo
rror code.
6. Added NSS_GetVersion to return the NSS version string.
7. Added experimental support of RSA-PSS to the softoken only
(by Hanno Böck, http://rsapss.hboeck.de/).
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Thu, Oct 13, 2011 at 3:54 AM, Pontus Ericson wrote:
> Hi
>
> I mailed this mailinglist a few weeks ago regarding the development of
> DNS-based certification authentication for S/MIME.
>
> I am now starting the project fully and I'm going to use Thunderbird/Mozilla
> NSS in the development. I w
GNING attributes.
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Fri, Sep 23, 2011 at 2:02 PM, Douglas Stebila wrote:
> Perhaps someone will take a look at this forlorn bug and patch?
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=660394
Yes, I can take a look at the patch.
Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https:
On Thu, Sep 22, 2011 at 5:22 AM, Pontus Ericson wrote:
> Hi.
>
> My name is Pontus Ericson and I'm a computer science student at the Royal
> Institute of Technology in Stockholm, Sweden. I am currently doing my master
> thesis where I will explore the possibility of deploying DANE (DNS-based
> Au
/buglist.cgi?list_id=1105376&resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.12.11&product=NSS
plus the following bug:
Bug 668397: Crash when verifying certificate chain containing Fortezza
certificates
(the smaller patch for NSS_3_12_BRANCH
ry?
I just want to note my objection to this proposal before I forget
again. I won't repeat the arguments given by Nelson Bolyard and Marsh
Ray.
Wan-Teh Chang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Fri, Apr 29, 2011 at 6:30 AM, Nate Hoellein wrote:
> Hi - I'm attempting to build nss on windows and getting the following
> output:
>
>
> $ make nss_build_all
> cd ../coreconf ; make
> make[1]: Entering directory `/c/mozilla/security/coreconf'
> cd nsinstall; make export
> make[2]: Entering
On Thu, Apr 28, 2011 at 4:50 AM, Jean-Marc Desperrier wrote:
>
> BTW isn't there somewhere a page with the corespondance between NSS and
> Firefox version ? I believe there is one, but can't find it again.
The page is
http://www.mozilla.org/projects/security/pki/nss/mozilla-nss-versions.html.
I
On Wed, Apr 27, 2011 at 6:42 AM, Jean-Marc Desperrier wrote:
> Jean-Marc Desperrier wrote:
>>
>> Johan Sys wrote:
>>>
>>> [...]
>>> We did some tests with name constraints with positive results:
>>> SubCA with name constraint as follows :
>>> Permitted
>>> [1]Subtrees (0..Max):
>>> DNS Name=.goodc
On Mon, Apr 11, 2011 at 1:45 AM, Bernhard Thalmayr
wrote:
> Hi experts,
>
> I'm experiencing an interesting issue.
>
> OpenAM url-policy agent, which is using NSS/NSPR, 'hangs' when trying to
> establish a connection to an SSL-enabled server.
>
> OS: Solaris10
> Machine: Sun Fire T2000 (CMT)
> NSS
On Thu, Apr 21, 2011 at 1:06 PM, Bernhard Thalmayr
wrote:
> Hi experts, according to
> 'https://developer.mozilla.org/en/NSS_reference/NSS_environment_variables'
> PKCS#11 crypto module will throw an error if not initialized by the process
> which will use it (even it has been initialized by the p
On Wed, Apr 20, 2011 at 7:46 AM, Bernhard Thalmayr
wrote:
> Thanks for the pointer Wan-Teh
>
> meanwhile I already used dbx and got this ...
You're right. I haven't used Solaris for a long time. If
you compile the code with Sun Studio compilers, you
should use dbx.
> Current function is SSL_Op
On Wed, Apr 20, 2011 at 3:27 AM, Bernhard Thalmayr
wrote:
> Hi experts, it would be great if some could shed some light on the
> following
>
> OpenAM web-agents are using NSS/NSPR for outbound connections.
>
> I get a core-dump of Apache http server when agent is doing outound
> ssl-connection
On Fri, Apr 8, 2011 at 12:50 PM, Honza Bambas wrote:
> I'm getting the no issuer chain error even when I first visit the
> https://crm.ausnetservers.net.au link with an empty (clean) profile - so
> there is certainly no cert exception nor any additional certificates.
>
> I don't think this is a Fi
On Thu, Apr 7, 2011 at 3:02 PM, Robert Relyea wrote:
>
> I had thought these were in, but I was thinking of a different bug with
> a patch by Aleksey. I've marked these as target 3.12.10.
I just checked in the patches in NSS bugs 559508 and 559510 on the
NSS_3_12_BRANCH.
Wan-Teh
--
dev-tech-cry
On Thu, Apr 7, 2011 at 5:26 AM, Joachim Lingner
wrote:
> Hi,
>
> I am testing NSS 3.9.12 with CKBI 1.82 on Windows. To verify that the bogus
> certificates are recognized as such I run vfychain. The certificates are
> exported from the Windows certificate store.
>
> Having vfychain use CERT_Verif
On Wed, Mar 30, 2011 at 6:45 AM, Kaspar Brand wrote:
>
> Sounds good. security/nss/lib/jar is currently the other place which
> also depends on the NSS_X* macros, i.e. it should be a header file which
> can be used by files outside freebl, too.
I see. security/nss/lib/util/secport.h is a header
On Tue, Mar 29, 2011 at 11:21 AM, Mark Mentovai wrote:
>
> I would avoid this. -Xarch_arch is implemented as an Apple GCC
> driverdriver option and isn’t available in mainline GCC or even the
> Apple GCC’s CPU-specific frontends (such as i686-apple-darwin10-
> gcc-4.2.1). -Xarch_arch would allow t
The inability to allocate mp_int variables on the stack is not as bad
as it seems. This is because the 'dp' array inside an mp_int still
needs to be allocated from the heap. An mp_new function can allocate
the mp_int structure and the 'dp' array in one shot if the number of
digits needed is known
On Wed, Mar 2, 2011 at 3:23 AM, Gervase Markham wrote:
>
> Usually, we prefer mentors to propose projects because then we know that the
> project is something the mentor is interested in mentoring, and we can
> assess the project as being of an appropriate size and complexity.
Hi Gerv,
Thank you
On Wed, Feb 23, 2011 at 3:26 AM, Gervase Markham wrote:
> Hi NSS team,
>
> Are any of you interested in submitting a proposal for a Summer of Code
> project for Bugzilla this year, and mentoring it?
> https://wiki.mozilla.org/Community:SummerOfCode11:Brainstorming
Hi Gerv,
I just expressed my in
On Mon, Feb 28, 2011 at 9:03 AM, Jean-Marc Desperrier wrote:
> Hi,
>
> There was some talk last october about accessing the mp_int API from
> javascript, and so freezing it in order to make it available as a frozen
> API.
>
> Nelson concluded that the one difficult point would be to freeze the mpd
On Thu, Feb 17, 2011 at 7:10 AM, Stephen Hanna wrote:
> Does Thunderbird support certification path building? If so, how
> is it enabled and configured?
Hi Steve,
I am confused by your question. An S/MIME client obviously must
support certification path building by default. Did I miss somethin
On Tue, Feb 15, 2011 at 8:19 AM, David B Hinz wrote:
>
> Was there a bug fix to JSS 4.2.5, 4.3, or 4.3.1 that dealt with a problem
> with sockets not being closed properly when a client application was
> shutting down?
I don't know which bug you're referring to.
This Bugzilla query returns all t
On Mon, Jan 31, 2011 at 1:55 AM, mandeep alluru wrote:
> Hello Everyone,
>
> I am new to using NSS and have been exploring the features of NSS for
> the past two weeks. I would like to know if NSS supports TLS Next-
> Protocol-Negotiation and TLS snap start extensions. I would be glad if
> you giv
On Sun, Jan 30, 2011 at 1:32 AM, Nelson B Bolyard wrote:
>
> Firefox doesn't send TLS client hellos to servers that fail to complete
> ANY handshake with ANY version of SSL or TLS some number of times in a row
> when it has tried sending TLS client hellos. Once it decides the server
> is incompat
On Thu, Jan 27, 2011 at 6:06 AM, Martin Boßlet
wrote:
>
> But I again checked the trust settings for the CA certificates.
> They're fine...
Did you check your client certificate in Firefox 4 to make sure it's
imported correctly?
In Firefox 4, open Options (or Preferences) > Advanced > Encryption
On Wed, Jan 26, 2011 at 4:38 AM, Martin Boßlet
wrote:
>
> I want to authenticate to a server using TLS client authentication, so
> I imported a PKCS#12 file for this purpose.
> Unfortunately the certificate is from an internal CA that does neither
> issue keyUsage, extendedKeyUsage
> nor NetscapeC
On Mon, Jan 24, 2011 at 12:18 PM, Robert Relyea wrote:
>
> (I always thought the
> universal binaries were built by building each arch separately and then
> combining them at the end).
This is correct.
It is also possible to build for two arches in one pass, for example,
gcc -arch i386 -arch x86
On Wed, Jan 19, 2011 at 8:08 PM, Nathan Craike wrote:
> Is it possible to build the 32-bit version on a 64-bit Mac? The Mac OS X man
> page for gcc describes an "Apple only" option -arch:
>
>> -arch arch
>> Compile for the specified target architecture arch. The
>> allowable values a
Hi Nathan,
I know about this problem. Apple's compiler generates 64-bit binaries
by default now. So passing USE_64=1 to make is one solution to the
build problem, but it produces a 64-bit build.
To generate a 32-bit build, your workaround of passing CC="gcc -arch
i386" CXX="g++ -arch i386" to m
On Thu, Jan 13, 2011 at 2:53 AM, Bernhard Thalmayr
wrote:
>
> It might be helpfull if SSLTRACE and PKCS#11 could log a timestamp to help
> in correlation.
You can add 'timestamp' to the NSPR_LOG_MODULES environment variable. See
http://www.mozilla.org/projects/nspr/reference/html/prlog.html#2530
On Wed, Jan 12, 2011 at 2:38 PM, Robert Relyea wrote:
> On 01/12/2011 01:26 PM, Bernhard Thalmayr wrote:
>> 331569088[1bd1610]: C_UnwrapKey
>> 331569088[1bd1610]: hSession = 0x6
>> 331569088[1bd1610]: pMechanism = 0x7fffcd592ea0
>> 331569088[1bd1610]: hUnwrappingKey = 0x8
>> 331569088[1bd161
On Tue, Jan 11, 2011 at 4:48 AM, Irune Prado Alberdi wrote:
>
> While if I terminate the pkcs11 session in firefox I can successfully acces
> the token
>
> $ certutil -d sql:. -K -h izenpe
> certutil: Checking token "Builtin Object Token" in slot "NSS Builtin Objects"
> certutil: no keys found
>
On Tue, Jan 11, 2011 at 4:48 AM, Irune Prado Alberdi wrote:
>
> Up to this point I can properly work with my certificates in firefox but when
> I try to simultaneously access it via certutil I get blocked
>
> ~/.pki/nssdb$ certutil -d sql:. -K -h izenpe
>
This doesn't block when I run Google C
On Wed, Jan 12, 2011 at 2:02 PM, Bernhard Thalmayr
wrote:
>
> Am'I wright that 'C_DeriveKey' is actually 'NSC_DeriveKey' in
> http://mxr.mozilla.org/security/source/security/nss/lib/softoken/pkcs11c.c ?
Yes. C_DeriveKey is a function pointer. It points to the
NSC_DeriveKey function.
Wan-Teh
--
Hi Bernhard,
The best way to debug this is to find out where NSS's internal PKCS
#11 module sets the error code CKR_DEVICE_ERROR. Unfortunately there
are a lot of possible places (all the files in the
mozilla/security/nss/lib/softoken directory):
http://mxr.mozilla.org/security/ident?i=CKR_DEVICE
Bob,
Thank you for writing the meeting notes. I will also be out next week.
NSPR 4.8.7 Beta 2 looks good. The only additional patch I may include
in NSPR 4.8.7 is the second patch in
https://bugzilla.mozilla.org/show_bug.cgi?id=604263.
Re: NSPR IPv6: for reasons I don't remember and can't find
Dave,
I can help you write a patch to fix this problem.
The "(-8157) Certificate extension not found" part in the error message:
org.mozilla.jss.crypto.NoSuchItemOnTokenException: Expected user
cert but no matching key?: (-8157) Certificate extension not found
is most likely wrong (a stale erro
Hi passfree:
On Wed, Nov 24, 2010 at 9:32 AM, passfree wrote:
>
> I am developing a generic SSL pipe XPCOM component which can be used
> on any Input/Output stream pair. So far it sort of works but I am
> facing one problem and I am not sure how to deal with it. The problem
> arrises when a clien
On Thu, Nov 18, 2010 at 3:08 PM, Brian Smith wrote:
> (Note that this is to: dev-tech-crypto)
>
> Short Version: We are looking at taking a private patch for one Firefox beta
> cycle in
> mozilla-central to export the MPI functions from FreeBL on all platforms in
> our private
> copy of NSS. The
On Tue, Nov 9, 2010 at 9:23 PM, Wolter Eldering
wrote:
>
> Hi Wan-Teh,
>
> I was wondering if you found my patches useful? Or maybe I can help in any
> way.
Hi Wolter,
Thank you for attaching your patches and test results to bug 595134:
https://bugzilla.mozilla.org/show_bug.cgi?id=595134
I'm so
On Wed, Oct 27, 2010 at 10:25 PM, Ashok Subash wrote:
>
> Now i could initialize NSS successfully and created the cert and key
> db using SQL Lite as the database.
> Now am getting a SSL Connect error when browsing secure site like
> gmail.com
What's the error code when SSL Connect fails?
> So i
On Sat, Oct 23, 2010 at 5:06 AM, Ashok Subash wrote:
>
> Hi Wan-Teh,
>
> I hope i can disable the NSSDBM module without affecting anything else
> in static DLL approach. I'm assuming it will be then SQLite for
> storing all the certs and keys.
Yes, that's correct.
> I'm planning to debug with an
On Thu, Oct 21, 2010 at 3:53 PM, Nelson B Bolyard wrote:
>
> I'd say the interfaces to those functions (more precisely, their
> signatures) are quite frozen. The mp_int bignum package API is so
> frozen as to have become something of a standard of its own. There
> are now at least 3 different im
On Fri, Oct 22, 2010 at 8:33 AM, Ashok Subash wrote:
>
> Is there any other files that i need to port other than NSPR.
Probably not. NSS depends on the following:
- Standard C Library
- NSPR
Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/lis
On Sun, Oct 10, 2010 at 7:45 AM, Matej Kurpel wrote:
>
> What turned out to be the problem, was that
> the CK_BBOOL values were 4-bytes and not 1 byte in size. Took some hours and
> some hair to discover, but hopefully someone finds this if he has the same
> problem and solves it right away :)
CK
Hi Dmitry,
I published unsupported patches for using NSS as static libraries in
https://bugzilla.mozilla.org/show_bug.cgi?id=534471. (Please do not
post questions in that bug report. I want to keep the bug report
focused on the patches.) You're welcome to try them. Note that I
didn't go all th
e
> https://bugzilla.mozilla.org/show_bug.cgi?id=525092#c24 making it minimally
> available requires one call to set the SSL_ENABLE_FALSE_START option, and a
> preference to optionally disable it. Handling the black list is more work, I
> don't know if Google plans to make their list
On Fri, Sep 24, 2010 at 11:12 PM, Wolter Eldering
wrote:
>
> I've added my patches and some test results to bug:
> https://bugzilla.mozilla.org/show_bug.cgi?id=595134
Thank you very much!
> I needed to start chrome like this: "chrome-linux/chrome-wrapper
> --single-process --enable-dnssec-certs"
On Sun, Sep 19, 2010 at 12:39 AM, Wolter Eldering
wrote:
>
> Because we deal with a large number of certificates I've also have some
> patches to reduce the number of queries to the sql: type database.
> And a patch that will make the NSS_SDB_USE_CACHE=yes perform much better. We
> use NSS_SDB_USE
On Mon, Aug 30, 2010 at 8:12 AM, Brian Smith wrote:
> Wan-Teh Chang wrote:
>> I propose that we remove SSL 2.0 support from the NSS trunk (NSS 3.13).
>
> Would this include support for SSLv2->v3 upgrade hellos?
I forgot to talk about this issue. We'll need to keep th
I propose that we remove SSL 2.0 support from the NSS
trunk (NSS 3.13).
SSL 2.0 is an old and insecure protocol. No products
should be using SSL 2.0 today. But removing the SSL
2.0 code from NSS has one major benefit to the continual
development of NSS's SSL library: it'll make the code
base eas
On Fri, Aug 27, 2010 at 2:05 PM, Brian Smith wrote:
> In accepting patches to implement TLS 1.2 and/or AES-GCM cipher suites, is a
> (potentially-)FIPS-140-compliant implementation required? Or, would it be
> acceptable in the short-term to have an implementation that is known to be
> non-complian
On Wed, Aug 25, 2010 at 1:39 PM, msm Li wrote:
>
> First thing first, does Mozilla have such plan to port NSS/JSS to smart
> phone
> platform ?
Mozilla doesn't use JSS, so Mozilla is unlikely to work on
porting JSS to new platforms.
Mozilla is porting NSS to Android. I have not seen any
NSS pat
On Wed, Aug 18, 2010 at 3:47 AM, David Stutzman
wrote:
>
> If I query the Mozilla-JSS provider for the algorithms it supports, I get
> the following EC Signature algorithms:
> SHA1withEC
> SHA256withEC
> SHA384withEC
> SHA512withEC
>
> Is there any way to change/add some aliases so the Mozilla-JSS
On Wed, Aug 11, 2010 at 1:18 PM, Matej Kurpel wrote:
> Hello,
> I am trying to implement a PKCS#11 module for my diploma thesis. It is
> intended to be used with thunderbird. I am using opensc pkcs11-spy module to
> debug it. I have a problem for quite some days I don't seem to be able to
> solve
On Mon, Aug 2, 2010 at 12:10 PM, Brian Smith wrote:
> I read a rumor that Mozilla received explicit permission from RSA labs to
> distribute the PKCS#11 header files under the Mozilla tri-license. Does
> anybody know anything about that, and how I can verify it?
That's also what I heard. I don't
On Fri, Jul 30, 2010 at 11:29 AM, Nelson B Bolyard wrote:
>
> I think you're right. I filed
> https://bugzilla.mozilla.org/show_bug.cgi?id=583308
> with a patch to fix at least one problem.
I ran Hanno's test program in a debugger.
I saw the problem that Hanno reported, that
the ASN.1 encoder ca
1 - 100 of 503 matches
Mail list logo
