On Tue, Aug 19, 2008 at 9:23 AM, Dennis Darch <[EMAIL PROTECTED]> wrote:
> In the next update of our software product we are using NSS 3.11.9 to
> upgrade our LDAP client to support LDAP/SSL. I would like to include in our
> documentation a list of the public certificate authorities that would be
> trusted without having to be added to the client's cert8.db. Where would I
> look in the source code to find that list?

You can find the list as follows.

1. Check out the NSS 3.11.9 source tree from CVS.

   cvs -d :pserver:[EMAIL PROTECTED]:/cvsroot co -r NSS_3_11_9_RTM NSS

   Or download the source tar file from
   https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_11_9_RTM/src/nss-3.11.9.tar.gz

2. The list is in the source file
   mozilla/security/nss/lib/ckfw/builtins/certdata.txt

> A second but related question: It is my understanding that if a customer
> obtained a certificate for their LDAP/SSL server from some certificate
> authority that was authorized (or whatever the precise term is) by one of
> those default authorities, then we would expect the server to send the full
> certificate chain to the client so that it would trust the server's
> certificate. Is that correct?

The server needs to send the full certificate chain (the root CA
certificate may be, and often is, omitted) to the client.

Wan-Teh
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
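
An added example, not part of the original message or of NSS: a small Python parser that reads certdata.txt-style text and lists the CA labels whose trust record marks them as trusted issuers for SSL server certificates, which is the subset an LDAP/SSL client would care about. It assumes the file's `NAME TYPE VALUE` attribute lines, with trust objects of class `CKO_NETSCAPE_TRUST` (`CKO_NSS_TRUST` in later releases) carrying `CKA_TRUST_SERVER_AUTH`; the function names and the sample CA entries are made up for illustration.

```python
import re

# Constructed sample in the certdata.txt attribute layout (NAME TYPE VALUE).
# The CA names are invented and the certificate body is truncated.
SAMPLE = r'''
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Root CA 1"
CKA_VALUE MULTILINE_OCTAL
\060\202
END
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_LABEL UTF8 "Example Root CA 1"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Mail-Only CA"
CKA_CLASS CK_OBJECT_CLASS CKO_NETSCAPE_TRUST
CKA_LABEL UTF8 "Example Mail-Only CA"
CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NETSCAPE_TRUST_UNKNOWN
CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NETSCAPE_TRUSTED_DELEGATOR
'''

ATTR = re.compile(r'^(CKA_\w+)\s+(\w+)\s*(.*)$')
TRUST_CLASS = re.compile(r'^CKO_(NETSCAPE|NSS)_TRUST$')
DELEGATOR = re.compile(r'^CKT_(NETSCAPE|NSS)_TRUSTED_DELEGATOR$')

def parse_objects(text):
    """Split the text into objects; each CKA_CLASS line starts a new one."""
    objects, skipping = [], False
    for line in text.splitlines():
        m = ATTR.match(line.strip())
        if skipping:                      # inside a MULTILINE_OCTAL blob
            skipping = line.strip() != 'END'
        elif m and m.group(2) == 'MULTILINE_OCTAL':
            skipping = True               # binary values are not needed here
        elif m:
            if m.group(1) == 'CKA_CLASS':
                objects.append({})
            if objects:
                objects[-1][m.group(1)] = m.group(3).strip('"')
    return objects

def ssl_server_roots(text):
    """Labels whose trust object delegates trust for SSL server auth."""
    return sorted({o['CKA_LABEL'] for o in parse_objects(text)
                   if TRUST_CLASS.match(o.get('CKA_CLASS', ''))
                   and DELEGATOR.match(o.get('CKA_TRUST_SERVER_AUTH', ''))
                   and 'CKA_LABEL' in o})

if __name__ == '__main__':
    print('\n'.join(ssl_server_roots(SAMPLE)))
```

To run it against the real list, pass the contents of mozilla/security/nss/lib/ckfw/builtins/certdata.txt to `ssl_server_roots` in place of `SAMPLE`.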