nss

Blocking https URLs in an embedded gecko browser

Hi, I have an application in which a gecko browser is embedded. The application is crashing when I try to access any https URLs because nss is not properly initialised at this point. The crash is in PK11_TokenExists(). I want to block my browser from rendering https sites. If a user clicks on a https link I can block that load in OnSta...

XPI signing linux no gui

I'm trying to sign an XPI on linux (no gui) using the NSS cert db (cert8.db and key3.db) I copied from another server of mine, on which I can sign XPIs just fine. On the new box I can sign with a brand new test certificate ok, but when I try to use the old cert db, it complains with: signtool: PROBLEM signing data (Unknown issuer) C...

Convert OpenSSL public key into NSS one

How do I convert a public key generated by OpenSSL into one NSS would understand? I've generated a key with OpenSSL, exported it into pkcs12 format, imported it into the NSS database and then extracted the public key with the McCoy utility. And it was different, to my great surprise. That is probably a matter of encoding but which one should I use? Upda...

How can I translate Perl's Convert::ASN1 to Ruby code?

Can somebody advise me what this code does and how I can convert it to Ruby in the simplest way? #!perl use Convert::ASN1; my $asn1 = Convert::ASN1->new(encoding => 'DER'); $asn1->prepare(q< Algorithm ::= SEQUENCE { oid OBJECT IDENTIFIER, opt ANY OPTIONAL } Signature ::= S...

LDAP won't update if cached data exists

We have an SELinux client that authenticates network users using LDAP connecting to an Active Directory server. Since our machines have to operate "untethered," we have to use nscd to cache group and passwd info. Here's the issue. If we change group information on the Active Directory server, then log in on the client, if a cache exists...

FIPS Enabling On Glassfish_v2.1

I am attempting to enable FIPS mode on my windows machine, running glassfish_v21 Enterprise with HADB. I am doing this as a way to test the process on a machine with less collateral damage than on a Development Environment. However I receive an error when attempting to enable FIPS mode, below are the steps that I followed. I used modut...

When does firefox call nss_init?

I have my very own privacy CA library. So now I want to integrate it with the mozilla nss. So every time my firefox wants to access an https page, it will call this library via nss. My problem is, I could not find at which point (or in which source file) within firefox the call for the nss_init stuff is made.. help me ...

Pass parameter to NSS TLS extension?

Ok, now I have my own function that runs inside or after the NSS_init. This function returns 2 values. Now, my problem is, how to pass these return values to the tls extension inside NSS? I found a file called ssl3ext.c in NSS, but don't have any clue where to start or what to do. So in the end, I have a Http header with additional inform...

SSLsample in NSS

Since the latest version of NSS does not provide the SSLSample program, I copied the folder SSLSample from the older version of NSS (3.9, 3.12) to the /security/nss/cmd folder inside nss-3.12.4. When I run make nss_build_all in my 3.12.4, the other programs generated their own binaries but not my SSLSample folder. I would like to know wh...

Code inside mozilla nss that handles server name information from client side

If I open the mozilla nss, which code can I refer to in order to know which part handles the client side server name indication? Which part really tells the server which server the client wants to connect to? ...

Understanding NSS PK11_CipherOp and C memory allocation

Hey all, Having some issues with C. I have this in my code: // First line works, second line does not! char outbuf[1024]; // char *outbuf = (char *) malloc(1024); // char is always 1 I am passing this outbuf to a method called PK11_CipherOp(), declared in the NSS library. The Documentation for this method can be found here, you ca...

ssl_error_ssl_disabled

In Firefox, I would like to know which code/file is triggering the ssl_error_ssl_disabled error message. I want to look at the code that triggers this error message .. This is because I added a new error message in my libssl3.so (compiled from nss), and pasted it into /usr/lib, but somehow when I intentionally disable my ssl inside ...

java.lang.UnsatisfiedLinkError: org.mozilla.jss.ssl.SSLSocket.setSSLDefaultOption

I'm trying to get some NSS code working and I'm getting this error: java.lang.UnsatisfiedLinkError: org.mozilla.jss.ssl.SSLSocket.setSSLDefaultOption(II)V at org.mozilla.jss.ssl.SSLSocket.setSSLDefaultOption(Native Method) at org.mozilla.jss.ssl.SSLSocket.setSSLDefaultOption(SSLSocket.java:950) at org.mozilla.jss.ssl.SSLSock...

Conditionally choosing OCSP responders in Apache/mod nss

I'm using apache to validate the certificate revocation on multiple client certificates. Many of the certificates are under different CA hierarchies. Normally this situation is handled by the ocsp aia location. However, one of the constraints is that some of the certs do not have ocsp aia locations in their extensions. Therefore in ap...

Is "Server not found" error related to Activclient?

Users are getting sporadic "Server not found" errors after idling in the browser. We have a HTTPS web application (Apache/Tomcat) using NSS for authentication on the server. The error occurs when a user opens the application and later lets it sit idle/untouched for 15 minutes. When they try to access the application they can get a "Ser...

Java EE 6 and Certutil

Hi, I have installed Java EE 6 with GlassfishV3. I want to use NSS tools to manage the security of the server, i.e generating certificates using certutil. However I can't find the NSS library and tools in Glassfish. On the other hand, I read the documentations of Java EE 6 and it says that it still supports NSS! Does anybody know about...

Listing certificates from a CAC without pin

I'm developing a CAC authentication app. I'm running RHEL 5.5 and have a card reader attached to my machine. When I insert a smart card/CAC, there is a popup notification that comes on the upper right hand side on the window where the clock is and the "Smart Card Manager" GUI is accessible clicking on the icon (card with lock on it) tha...

How read key usage information from x509 certificate using NSS

I'm using nss libraries to read certificates off a smart card/CAC. This is for an app on red hat linux. Basically I need to get the list of certificates from the CAC and present to the user in a gui (using wxWidgets) allowing the user to pick the certificate to use for authentication. For that, I need to present the certificate list in a...

validating X.509 certificate on linux

I have just started working with X.509 certificates. Can any one tell me how to go about validating a certificate on linux? The use case is that my app had downloaded a certificate in a previous session and I have to check if it is still valid (i.e., not expired or revoked since it was stored) before starting a new session. I understand ...

Managing NSS cert database programmatically

Hi, I am creating an app where I need to manage X.509 certificates programmatically. Till now I have been launching the certutil tool to create the cert database and add and delete certificates from it. The only task I am doing programmatically is to query the database for a cert using CERT_FindCertbyName. However, I am thinking of remov...