|
SIGSEGV on 64bit HP-UX with shlibsign (NSS 3.14.3)
|
| |
Hi All,
In NSS 3.14.3 build process, shlibsign crashes while trying to sign "libsoftokn3.sl" on HP-UX 64 bit machine. It works fine on 32 bit HP-UX. mozilla/security/nss/cmd/shlib sign/HP-UXB.11.11_64_OPT.OBJ/s hlibsign -v -i mozilla/security/nss/cmd/shlib sign/../../../../dist/HP-UXB.1 1.11_64_OPT.OBJ/lib/libsoftokn 3.sl... more »
|
|
|
test signed message
|
| |
...
The message is shown as signed by evolution.
I believe you experience a display bug (or rather limitation) in
Thunderbird.
The mailing list software wraps the original message into a
multipart/mixed envelope, in order to add the message list footer.
Thunderbird will only display a signature of the outermost layer, which... more »
|
|
|
Changing the recommended list archive (as Google's archive is incomplete)
|
| |
Either groups.google.com or giganews ignores (drops) messages containing
a base64 encoded block of data, such as the one contained in S/MIME
signed messages. We had asked to get this resolved [1], but didn't get a
response, and it's still broken.
Apparently the following archives correctly include signed messages:... more »
|
|
|
Should we create a Web API for importing PKCS 12
|
| |
Hi,
Currently on Firefox OS (B2G), there's no Web API could install PKCS 12.
The use cases could be Wifi, VPN,... etc.
Some examples can be found on Android, see [1]
Although I have found WebCrypto in the wiki and bugzilla,
but it seems it didn't support pkcs12, right?
Also I found that NSS would use XUL to show some UI (i.e. password)... more »
|
|
|
OCSP GET Integration
|
| |
I am writing FF tests and such for OCSP GET. Kai's patches work fine, the certs fetched with GET are disk cached. The [link] patches turn on this behavior, which is probably
fine. My question is: do we want a pref for this to turn the GET behavior on and off, i.e. for testing?... more »
|
|
|
Removal of "Revocation Lists" feature (Options -> Advanced -> Revocation Lists)
|
| |
Hi all,
I propose we remove the "Revocation Lists" feature (Options -> Advanced -> Revocation Lists). Are there any objections? If so, please explain your objection.
A certificate revocation list (CRL) is a list of revoked certificates, published by the certificate authority that issued the certificates. These lists vary from 1KB to potentially hundreds of megabytes in size.... more »
|
|
|
fipstest.c in nss 3.14.3 does not support prediction resistance = true case
|
| |
Hi,
The fipstest.c does not seem to support the scenario with prediction resistance = true . The case statement for function drbg has to change if prediction resistance is true and also the NIST request file has an additional parameter EntrophyInputPR in case of [Prediction resistance = true ] scenario and this is not even parsed by fipstest.c .... more »
|
|
|
fipstest.c in nss 3.14.3 needs updating for DRBG tests
|
| |
Hi ,
We were planning on using the nss drbg model for validating the HASH_DRBG implementation inside (nss-3.14.3/mozilla/security/n ss/cmd/fipstest) .
The fipstest.c needs updating for FIPS SP800-90A testing to validate drbg .
Please refer to the following documents Validation document -> [link]... more »
|
|
|
