Confirmed users
299
edits
Security/CryptoEngineering/Platform Use of NSS: Difference between revisions
Security/CryptoEngineering/Platform Use of NSS (view source)
Revision as of 23:50, 17 November 2016
, 17 November 2016→The NSS Certificate Nickname API: mention option of removing nickname APIs
(→Use of PK11_GetInternalKeySlot(): add note on PK11SDR_*) |
(→The NSS Certificate Nickname API: mention option of removing nickname APIs) |
||
| Line 18: | Line 18: | ||
==== The NSS Certificate Nickname API ==== | ==== The NSS Certificate Nickname API ==== | ||
NSS exposes APIs whereby certificates can be referred to by nickname. Certificates on tokens other than that returned by PK11_GetInternalKeySlot prefix their nickname with the name of the token. Because platform code now must operate on a token that isn't the internal one, this behavior must be worked around by special-casing unprefixed nicknames when using these and related APIs. | NSS exposes APIs whereby certificates can be referred to by nickname. Certificates on tokens other than that returned by PK11_GetInternalKeySlot prefix their nickname with the name of the token. Because platform code now must operate on a token that isn't the internal one, this behavior must be worked around by special-casing unprefixed nicknames when using these and related APIs. | ||
Alternatively, we could remove and/or rework XPCOM interfaces that expose the NSS nickname API and replace them with an equivalent mechanism that doesn't have this and other drawbacks (see the discussion in [https://bugzilla.mozilla.org/show_bug.cgi?id=857627 bug 857627]). | |||
==== Loading New PKCS#11 Modules ==== | ==== Loading New PKCS#11 Modules ==== | ||