Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-5091008

Add support for NSS trust attributes

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Duplicate
    • Affects Version/s: 6
    • Fix Version/s: None
    • Component/s: security-libs
    • Labels:

      Description

      NSS currently does not support the standard CKA_TRUSTED attribute and has defined its own trust attributes. We currently do not examine these NSS attributes, so any NSS token (softtoken or their trust anchor token) will show up without any trusted certificates in the PKCS11 KeyStore.

      This is a significant limitation for applications that want to access the NSS databases from Java (e.g. JES stack and Plugin). Supporting those attributes may also allow us to add trusted certificates to NSS tokens, which is something that is not possible with the CKA_TRUSTED attribute, which is defined as read-only in PKCS#11.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                andreas Andreas Sterbenz
                Reporter:
                andreas Andreas Sterbenz
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: