David Stutzman wrote:
I use certutil -L -d dbdir -h all to show all of the certificates in the db as well as the roots module, and I have "p,p,p" for all the user certs as well as the intermediate CAs and "C,C,p" for the Root CAs. Does anyone know why addbuiltin is appearing to ignore any trust flag except "C"?
I looked over the code for addbuiltin and found that it basically ignored the little c trust flag that I was passing in to the command. I edited the source for that command and rebuilt NSS, then I rebuilt my libnssckbi.so using the modified addbuiltin, and it put the proper trust flags into the certdata.txt for me. Now all of my root CAs have "C,C,C" and my intermediate CAs have "c,c,c".
Is there any reason why addbuiltin doesn't support all the trust flags that the documentation for it lists other than the fact that the nssckbi is used primarily for root certificates?
Created bug #348882 with a diff to the change I made to addbuiltin which consists solely of an additional if block.
https://bugzilla.mozilla.org/show_bug.cgi?id=348882
Dave
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto