The trust flags are for internal usage of the NSS store and not really
part of the CA certificates. You might find however the associated x.509
key usage and x.509 extension in the certificate. Judging from your code
snippet below, you extract the x.509 certificates, which don't have
those trust flags.
samrat saha wrote:
> Dear All,
>
> I was trying to create the CA store using the buildin CA certificates in
> libnssckbi library.
> I was extracting the certificate from the module using the following code
> snippet.
>
> cert_list = PK11_ListCertsInSlot(slot);
> for(cert_node = CERT_LIST_HEAD(cert_list);
> !CERT_LIST_END(cert_node, cert_list);
> cert_node = CERT_LIST_NEXT(cert_node)) {
>
> cert_b64 = BTOA_DataToAscii(cert_node->cert->derCert.data,
> cert_node->cert->derCert.len);
> fprintf(fp, "-----BEGIN CERTIFICATE-----\n");
> fprintf(fp, "%s\n", cert_b64);
> fprintf(fp, "-----END CERTIFICATE-------\n");
> PORT_Free(cert_b64);
>
> }
>
> I was using that backup file to restore the certificate to the database.
>
> While viweing the certificate with
>
> certutil -N -d .
>
> There was no Trust flags associated with the certificates. Allthough if i
> copy the libnssckbi.so to the directory flags are coming properly.
>
> I thought certificate flags are stored in the databse. Then why it is
> required to have the libnssckbi.so library in the certificate database.
>
>
>
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: [EMAIL PROTECTED]
Phone: +1.213.341.0390
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
