Stephen Hamilton wrote:
Cert_NewTempCertificate was not exported initially because it was not clear it could be supported in the 'new' certificate model NSS was moving towards. The is no longer a fear, and coupled with the fact there were several legitimate uses for the call. it was decided it should actually be public, though as wan-teh points out, we haven't exported it yet (though we should).Nelson,Thanks for the quick response. Cert_NewTempCertificate works well with the redefinition statement from nssrenam.h. This is for my Master's project, so I needed an explanation of what was going on, and this helps tremendously.Stephen
Cert_DecodeDERCert is another matter. It creates a decoded certificate structure, but does not build a proper CERTCertificate (lacking the things CERT_NewTempCertificate does). This makes it unsafe for general applications, and for the most part it it's use in NSS is limited to those areas that it is deemed 'safe', unfortunately one of those areas is the S/MIME shared library, so NSS needs to export some symbol for that. CERT_NewTempCertificate itself calls CERT_DecodeCERCert(), so it makes a reasonable alternative.
bob
Nelson Bolyard wrote:Stephen Hamilton wrote, On 2008-02-23 10:40:Hi,I'm new to the list, and I've been working with NSS on a project that requires smartcard/CAC interaction. I've pretty much gotten it to work the way I want, but I stumbled on something that doesn't make much sense.I tried to use the Cert_DecodeDERCertificate() function, and although it exists in cert.h, it wasn't found in the library during linking. After doing a grep & strings on libnss, I found it to be __Cert_DecodeDERCertificate. I replaced this in my code, and it works now. Is this the right way to do it, or did I do something backwards?Several comments. 1. Functions whose names start with double underscore are considered to be private to NSS, for use by other NSS shared libraries, not for use by applications. 2. There is one exception to that rule. We've decided that CERT_NewTempCertificate is really not private, even though it persists in having a double-underscore prefix. You should probably be using CERT_NewTempCertificate rather than Cert_DecodeDERCertificate. 3. Applications and libraries that are part of NSS itself use a trick to get past the double underscores. They #include the private NSS header file nssrenam.h. You'll understand why when you look at it. I don't recommend that you #include that file, but you can borrow the technique it uses for CERT_NewTempCertificate. Hope this helps. /Nelson_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
