[xmlsec] signature verification failures using NSS with FIPS
aleksey at aleksey.com
Sat Jan 2 19:18:31 PST 2016
I think that the application can call PK11_SetPasswordFunc() directly.
On 1/2/16 9:34 AM, Roumen Petrov wrote:
> I would like to continue discussion.
> Aleksey please find my comments below.
> Lara Blatchford wrote:
>> We are using mod_nss 1.0.8, this appears to indicate that the bug
>> being described
>> was addressed in mod_nss 1.0.3
>> -----Original Message-----
>> From: Aleksey Sanin [mailto:aleksey at aleksey.com]
>> Sent: Thursday, June 25, 2015 12:55 PM
>> To: Lara Blatchford; xmlsec at aleksey.com
>> Subject: Re: [xmlsec] signature verification failures using NSS with FIPS
>> The first link.
> I don't think that results from internet queries could help.
> The main issue is that the NSS module is in FIPS mode.
> I'm not sure that pages like
> could explain the difference.
> It seems to me that when the module is in FIPS mode, the user should
> authenticate to it on each operation. In particular, the verify operation
> also requires the user to enter a password.
> xmlsec should use PK11_SetPasswordFunc to register a password callback.
> It seems to me the NSS test database is not protected by a "master" password,
> and so test operations pass in non-FIPS mode.
> Roumen Petrov
> xmlsec mailing list
> xmlsec at aleksey.com