Biswatosh wrote:
If possible, how do I extract them back again using certutil? The structute CERTCertificateStr does not seem to have any member with name close to "alternativeissuername". Could you pls tell which member of this structure holds the alt issuer names?
Issuer alternative name is an X.509 Certificate extension defined in section 4.2.1.8 of RFC 2459 (http://www.ietf.org/rfc/rfc2459.txt). You can get to that in NSS via the "extensions" member of the CERTCertificateStr structure (http://lxr.mozilla.org/security/source/security/nss/lib/certdb/certt.h#251). You will need to do some parsing to get at it.
BTW, on an unrelated note, does anyone know the difference between lxr.mozilla.org and mxr.mozilla.org? I originally went here: http://mxr.mozilla.org/security/source/data/lxr-data/security/mozilla/security/nss/lib/certdb/certt.h#224 and it says the file doesn't exist. I looks like mxr serves up lxr info, but is broken.
Dave _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
