BobR:I'm a little fuzzy on this, but is there some procedure with the way that he loads the PKCS#11 module that mitigates the need for the pin when reading certificates?
Matt: Another thing you might try is NSPR logging. I'm not sure if NSS makes extensive use of this but you can give it a try. export NSPR_LOG_MODULES=all:5 export NSPR_LOG_FILE=/tmp/nss.logAnother experiment would be to get into Firefox and use the UI to load CoolKey as a PKCS#11 module. Then use the UI to inspect the certs and observe if it is behaving strange here.
Another extreme thing to try would be to compile a debug version of NSS and try to catch the issue in the debugger.
Matt Anderson wrote:
Jack Magne wrote:Matt: You can try the following to get some debug info from CoolKey. 1. In the terminal from which you launch your app do: export COOL_KEY_LOG_FILE=/tmp/cool.txt 2. Run your program. 3. After it fails take a look at /tmp/cool.txt, it may have some clues.Unfortunately this file is empty when I try to use stunnel with coolkey. Which suggests to me that NSS isn't getting far enough to even query the coolkey module for my certificate.However when I run certutil I don't always have access to my certificate on my CAC card. Half the time it prompts me for my "CoolKey" password, the other time (when it works) it prompts me for the "Matt R Anderson" pin. I've attached those two log files so you can see them.-matt
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel