Menu
▾
▴
Re: [Opensc-devel] Firefox Extension to install the opensc module
|
From: David W. <dw...@in...> - 2015-10-15 11:38:07
|
On Mon, 2015-10-12 at 20:01 +0300, Martin Paljak wrote: > On 12/10/15 19:30, Jean-Pierre Münch wrote: > > Am 12.10.2015 um 11:27 schrieb Johannes Becker: > > > Hi, > > > > > > our Firefox extension > > > > > > https://chipkarte.hrz.uni-giessen.de/opensc-pkcs11-install.xpi > > > > > > installs opensc-pkcs11.dll as a cryptographic module. It will > > > not work > > > any more with Firefox 43 because it is not signed by Mozilla. > > > > > > Is there a signed extension around? > > Hi, > > > > You theoretically just could submit it for signing yourself (if you > > develop it yourself). > > The wiki entry should explain the how-to: > > https://wiki.mozilla.org/Add-ons/Extension_Signing > > > There's also: > > https://addons.mozilla.org/en-us/firefox/addon/est-pkcs11-load/ > > Source: https://github.com/open-eid/firefox-pkcs11-loader In most cases on Linux and similar platforms, installing any specific PKCs#11 module such as OpenSC is actually the wrong thing to do. Such platforms have a system-wide configuration which indicates which PKCS#11 modules should be loaded into which process. It's handled by p11-kit: http://p11-glue.freedesktop.org/doc/p11-kit/pkcs11-conf.html The above-referenced extensions are basically just working around Mozilla bug #1161219, which is the fact that NSS (and hence Firefox) doesn't *obey* the system configuration. The best way to work around that bug — after you've ensured that bugs are filed in your distribution of choice and that your vote is added to the upstream bug at https://bugzilla.mozilla.org/1161219 — is to load the p11-kit-proxy.so module. That, in turn, will inspect the system configuration and load the appropriate modules. -- David Woodhouse Open Source Technology Centre Dav...@in... Intel Corporation |
