I'm looking at the functions CERT_VerifyCertificate and
CERT_VerifyCertificateNow and see they have 2 parameters of type
SECCertificateUsage, one required and one returned. What is the purpose
of the returned one? I checked the certutil code and the same variable
is being passed into the verify function and the return is never
checked. (ValidateCert on line 750 of certutil.c, "usage" declared on
756, passed into the verify method on 816 and never looked at again in
the method.)

I'm generating and verifying digital signatures in my application. Do I
need to slurp out the key usages from the certificate and make sure
digital signature and non-repudiation are present before I do the verify
or is passing in the requiredUsages of "certificateUsageEmailSigner" to
CERT_VerifyCertificate good enough? Does NSS care that the signing
going on has nothing to do with email? I figured object signing wasn't
really appropriate.

I'm using NSS 3.11.2.

Thanks,
Dave