NSS seems to not support more than 10 pkcs12 objects on a pk11 token



3 years ago
2 years ago


(Reporter: daniel.rodriguez, Unassigned)


(Blocks: 1 bug)





3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

Steps to reproduce:

Have a PKCS11 module (no login required) with 10 or more PKCS12 objects (i.e. 30 objects counting: public key, private key and certificate for each PKCS12 installed).
Open Firefox and load that module.
Close Firefox and reopen it.
Without going to the advanced options and viewing the list of certificates, go to use one of these certificates for auth on any allowed webpage.

Actual results:

Firefox cannot find the certificate and returns "handshake error".

Expected results:

Firefox should be able to find the certificate corresponding to this webpage.

Also, if you open the list of certificates, the issue does not reproduce.

In the PKCS11 module, the function findobjects is returning pulObjectCount with value 10 because ulMaxObjectCount is 10, so according to the RSA documentation, while pulObjectCount is different from 0, the function "findobjects" should be called again, but it is not.
Priority: -- → P3
Summary: pkcs11 → NSS seems to not support more than 10 pkcs12 objects on a pk11 token
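The search contract described in the report, as an added example that is not code from the report, from NSS, or from any PKCS#11 module: a caller that stops after one batch sees 10 of 30 objects, while a caller that repeats the call until the returned count is 0 sees all of them. The mock token, `mock_find_objects`, `collect_single_call` and `collect_all` are hypothetical names, and the type definitions are minimal stand-ins for those in `pkcs11.h`.

```c
#include <stdio.h>
/* Minimal stand-ins for the PKCS#11 types; a real build uses pkcs11.h. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_OBJECT_HANDLE, CK_RV;
#define CKR_OK 0UL
#define TOKEN_OBJECTS 30UL  /* constructed: 10 x (public key, private key, cert) */
#define BATCH 10UL          /* ulMaxObjectCount from the report */

static CK_ULONG cursor;     /* mock search position; callers reset it to 0 */

/* Mock following the C_FindObjects contract (session handle omitted): returns
 * up to ulMax handles per call and sets *pulCount to 0 once exhausted. */
static CK_RV mock_find_objects(CK_OBJECT_HANDLE *ph, CK_ULONG ulMax, CK_ULONG *pulCount)
{
    CK_ULONG n = 0;
    while (n < ulMax && cursor < TOKEN_OBJECTS)
        ph[n++] = ++cursor; /* handles 1..30 */
    *pulCount = n;
    return CKR_OK;
}

/* Behaviour described in the report: one call, then stop. */
CK_ULONG collect_single_call(CK_OBJECT_HANDLE *out)
{
    CK_ULONG got = 0;
    cursor = 0;
    if (mock_find_objects(out, BATCH, &got) != CKR_OK) return 0;
    return got;
}

/* Keep calling until a call returns zero handles or the buffer is full. */
CK_ULONG collect_all(CK_OBJECT_HANDLE *out, CK_ULONG cap)
{
    CK_ULONG total = 0, got = 0;
    cursor = 0;
    do {
        CK_ULONG room = cap - total < BATCH ? cap - total : BATCH;
        if (room == 0) break;
        if (mock_find_objects(out + total, room, &got) != CKR_OK) break;
        total += got;
    } while (got != 0);
    return total;
}

int main(void)
{
    CK_OBJECT_HANDLE h[64];
    printf("single call: %lu, loop: %lu\n", collect_single_call(h), collect_all(h, 64));
}
```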