[Bug 356] keytool doesn't handle SHA384withECDSA signatures
bugzilla-daemon at icedtea.classpath.org
bugzilla-daemon at icedtea.classpath.org
Tue Jul 7 09:35:11 PDT 2009
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=356
------- Comment #3 from ankostis at gmail.com 2009-07-07 16:35 -------
Managed to import COMODO's ECC certificate.
This bug is present also in sun's JDK and it gets fixed as prescribed by
Andreas Sterbenz:
http://blogs.sun.com/andreas/entry/the_java_pkcs_11_provider
We need to add the 'sun.security.pkcs11.SunPKCS11' provider with a single
config-arg pointing to a file containing the following properties:
name = NSS
nssLibraryDirectory = /usr/lib
nssDbMode = noDb
attributes = compatibility
Tested on:
* Gentoo, needs devlibs/nss installed and a minor config modification:
nssLibraryDirectory=/usr/lib/nss
and it works ok.
* Debian just needs libnss3-1d installed, and it also works ok.
* Fedora's NSS, by default is compiled most probably *without* ECC!
So it fails.
(see:
http://www.mozilla.org/projects/security/pki/nss/nss-3.11/nss-3.11-algorithms.html)
--
Configure bugmail: http://icedtea.classpath.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the distro-pkg-dev
mailing list