David Stutzman wrote:
I added some certificates to the libnssckbi.so built-ins module that aren't CA certificates. I found I can grab them in the code by prefixing their nickname with "Builtin Object Token:" when I call PK11_FindCertFromNickname.

Sometimes when I pass the certificate in to CERT_VerifyCertificate, I get an error -8179 which is SEC_ERROR_UNKNOWN_ISSUER and has a description of "Peer's certificate issuer is not recognized" for some of the certificates.
<snip>

OK, I did more testing and it seems the problem isn't my use of the built-ins module.

I took the user certs out of the built-ins module and then created a certdb with the same certs in it. I re-ran my program and got the same -8179 on the same certs that I did before. Before, I was using NSS_Initialize with the final parameter being NSS_INIT_NOCERTDB because I only had a secmod and the libnssckbi.so with the user certs and CAs. I went back to using NSS_Init after I created the cert8/key3.

Any ideas why it finds the chain for some but not others?

Dave