Questions tagged [nss]

Network Security Services (NSS) is a set of libraries designed and maintained by Mozilla to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.

169 questions
3 votes, 0 answers

NSS lib PK11_PrivDecryptPKCS1 function documentation

Where can I find the complete documentation for Mozilla's NSS library functions, especially the PK11_PrivDecryptPKCS1 function? I can only find a page that leads to the source code, without any…
Nelson Teixeira
3 votes, 1 answer

How to build only certutil from NSS?

I am making a small utility that will load all Firefox profiles on a machine with a custom CA. I have been successful using the certutil binary as part of NSS Tools. However, I was wondering how portable I can make certutil? Is it possible to…
Tyler
3 votes, 0 answers

Use ldap for auth (via pam) but /etc/passwd for uid and guid

I am a newbie on PAM and NSS so please be gentle. I have the following scenario: I have access to an LDAP database but I have no control over its administration (so please do not say that the proper fix is to fix the database, I know that already…
3 votes, 1 answer

Trouble including NSS header Files

Very recently, I had this idea to start using Mozilla NSS and to learn to use it, so that somewhere in the future, I can use it, or can at least start contributing to it. So I went to its website and cloned its source code into a directory "NSS" using…
Ayush choubey
3 votes, 1 answer

Build Mozilla NSS statically linked

Has anyone been able to build NSS statically linked? I actually only need to build certutil and pk12util statically linked. I've seen that Chromium is building NSS statically, and they even have a patch file, but the whole build process is quite…
Mike
3 votes, 3 answers

Java 8 64 bit on Windows with NSS for FIPS 140 compliance

According to JEP 131, Java 8 should provide a PKCS#11 Crypto provider for 64 bit Windows: https://blogs.oracle.com/mullan/entry/jep_131_pkcs_11_crypto. With that in mind, I downloaded and built both 32 and 64 bit versions of NSS with NSPR using…
Jon H
3 votes, 1 answer

How to initialize provider for pkcs11?

I want to use nss as a provider for pkcs11 and I'm coding in java, on oracle JRE and ubuntu 64bit. I tried 2 different wrappers, iaik and SunPKCS11 but in both I had the same problem. For my provider, I first tried to use libnss3.so and each time I…
Saeed
3 votes, 2 answers

Why do NSS modules have to end in .so.2 on Linux?

I've built a Name Service Switch Module for Red Hat Linux. Using strace, I've determined that the OS looks for the library in various directories, but only for files with the extension .so.2 (e.g. libnss_xxx.so.2, where xxx is the service name). Why…
Tim Bellis
2 votes, 2 answers

Strange timeout with PHP cURL and SSL

I'm experiencing strange timeouts using cURL with PHP when trying to access Amazon Cloudfront. This seems to affect all invalidation requests, creating distributions etc. cURL either reports receiving 0 bytes, or very few bytes, and then time-out:…
gingerlime
2 votes, 1 answer

Is getpwnam_r() reentrant a requirement?

getpwnam_r() is reentrant according to a number of manpages. However, the standard only states: The getpwnam_r() function is thread-safe and returns values in a user-supplied buffer instead of possibly using a static data area that may be overwritten by…
Cha Cha
2 votes, 2 answers

Is it possible to override / bypass nscd?

I am making an NSS module that answers depending on the name of the caller. For example, if sshd calls getpwnam_r(...), the pw_shell will be /bin/bash; if telnetd calls getpwnam_r(...), the pw_shell will be /bin/ksh. A prototype is made and it works.…
Cha Cha
2 votes, 0 answers

PKCS11Exception when creating MAC instance on OpenJDK 11 in fips mode

I’m trying to run the following code on an Oracle Linux Server 8.3, with openjdk 11.0.9 in fips mode. import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Base32; public class TestMAC { public…
David Harris
2 votes, 0 answers

JDK11 TLS v1.2 negotiation fails when using NSS-Fips with SunPKCS11 java.security.InvalidKeyException: No installed provider supports key

When upgrading Java 8 to Java 11 - SSL TLSv1.2 Handshake fails with the following error when using SunPKCS11 and NSS with FIPS enabled. The SSL negotiation works when using TLSv1.1 or when using Java 8.…
Praveena
2 votes, 0 answers

Are multiple sources in nsswitch.conf merged for getpwent?

Say I made a custom nss module called foo which defines abides by the required API: #include enum nss_status _nss_foo_getpwnam(const char *name, struct passwd *result, char *buf, size_t buflen, int *errnop); enum nss_status…
Bailey Parker
2 votes, 1 answer

How does OpenSSL/Mozilla NSS RSA sign and verify (PK11_Sign, PK11_Verify, PK11_VerifyRecover functions) work?

I have my RSA public and private keys (all of p,q,e,n,d) in PEM format. I am curious to know: How PK11_Sign(), PK11_Verify() and PK11_VerifyRecover() (from OpenSSL/Mozilla NSS library) work with RSA? How the padding is applied to the input message…
gsbabil