Thanks!
But is there any way around to extract the trust flags? Due to the library
size limitation, I cannot keep the library
in the database directory, but I need to have the complete CA certificate in
the database.


Thanks In Advance,
Samrat

On 6/28/07, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote:
>
>  The trust flags are for internal usage of the NSS store and not really
> part of the CA certificates. You might find however the associated x.509 key
> usage and x.509 extension in the certificate. Judging from your code snippet below,
> you extract the x.509 certificates, which don't have those trust flags.
>
> samrat saha wrote:
>
> Dear All,
>
> I was trying to create the CA store using the built-in CA certificates in
> the libnssckbi library.
> I was extracting the certificate from the module using the following code
> snippet.
>
> cert_list = PK11_ListCertsInSlot(slot);
>
>     for(cert_node = CERT_LIST_HEAD(cert_list);
>             !CERT_LIST_END(cert_node, cert_list);
>             cert_node = CERT_LIST_NEXT(cert_node)) {
>
>         /* Base64-encode the DER encoding of the certificate */
>         cert_b64 = BTOA_DataToAscii(cert_node->cert->derCert.data,
>                                     cert_node->cert->derCert.len);
>         if (cert_b64 == NULL)
>             continue;   /* encoding failed, skip this certificate */
>
>         fprintf(fp, "-----BEGIN CERTIFICATE-----\n");
>         fprintf(fp, "%s\n", cert_b64);
>         fprintf(fp, "-----END CERTIFICATE-----\n");
>
>         PORT_Free(cert_b64);
>
>     }
>
> I was using that backup file to restore the certificate to the database.
>
> While viewing the certificate with
>
> certutil -N -d .
>
> There were no trust flags associated with the certificates. Although if I
> copy the libnssckbi.so to the directory, the flags are coming properly.
>
> I thought certificate flags are stored in the database. Then why is it
> required to have the libnssckbi.so library in the certificate database?
>
>
>
>
> --
> Regards
>
> Signer:      Eddy Nigg, StartCom Ltd.
> Jabber:      [EMAIL PROTECTED]
> Phone:       +1.213.341.0390
>
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
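
Added example, not code from this thread or from NSS: libnssckbi is generated from NSS's certdata.txt, where each root's trust is a separate CKO_NSS_TRUST object matched to its certificate by issuer and serial number, which is why a dump of derCert carries no flags. The sketch below pairs the two object types and returns certutil-style flag strings. The sample data is constructed, the function names are hypothetical, only the trust values listed in LETTER are mapped, and older NSS releases spell the class and trust names with NETSCAPE instead of NSS.

```python
SAMPLE = r'''# Constructed sample in certdata.txt syntax; names and bytes are made up.
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Root CA"
CKA_ISSUER MULTILINE_OCTAL
\060\003\101\102\103
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END

CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
CKA_ISSUER MULTILINE_OCTAL
\060\003\101\102\103
END
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\001
END
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED
CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
'''
LETTER = {"CKT_NSS_TRUSTED_DELEGATOR": "C", "CKT_NSS_VALID_DELEGATOR": "c",
          "CKT_NSS_TRUSTED": "P", "CKT_NSS_NOT_TRUSTED": "p"}  # certutil letters
# Field order of a certutil trust string: SSL, e-mail, object signing.
USAGES = ("CKA_TRUST_SERVER_AUTH", "CKA_TRUST_EMAIL_PROTECTION", "CKA_TRUST_CODE_SIGNING")

def parse_objects(text):
    """Split certdata-style text into one attribute dict per object."""
    objects, lines = [], iter(text.splitlines())
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) < 2 or not parts[0].startswith("CKA_"):
            continue  # blank line, comment or header
        if parts[0] == "CKA_CLASS" or not objects:
            objects.append({})  # every object starts with its class
        value = parts[2].strip('"') if len(parts) > 2 else ""
        if parts[1] == "MULTILINE_OCTAL":  # octal body runs until a line "END"
            value = "".join(iter(lambda: next(lines).strip(), "END"))
        objects[-1][parts[0]] = value
    return objects

def trust_flags(text):
    """Map each certificate's label to its 'ssl,email,objsign' flag string."""
    objs = parse_objects(text)
    key = lambda o: (o.get("CKA_ISSUER"), o.get("CKA_SERIAL_NUMBER"))
    trust = {key(o): o for o in objs if o.get("CKA_CLASS") == "CKO_NSS_TRUST"}
    out = {}
    for c in (o for o in objs if o.get("CKA_CLASS") == "CKO_CERTIFICATE"):
        t = trust.get(key(c), {})  # no trust object: every field stays empty
        out[c["CKA_LABEL"]] = ",".join(LETTER.get(t.get(u), "") for u in USAGES)
    return out
```

The returned string has the same three-field shape that `certutil -A -t` accepts when a certificate is added to a database.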
