OK, so now I'm really confused. I've done some testing and I am getting predictable but very confusing results.
I've figured out when the extra thawte cert shows up in my DB and screws things up. Note this is all with NSS 3.12.

I built NSS 3.12 opt. Then I put the dylibs and the bin for certutil/signtool/pk12util into my /opt/local/bin directory. When I run certutil/pk12util, I get this result:

    Brand Thunder                                         u,u,u
    Thawte Code Signing CA - Thawte Consulting cc         ,,
    thawte                                                ,,

If I then move all the dylibs for NSS/NSPR into the same directory where I am running certutil/pk12util, and create a new database and do the EXACT same steps, I get:

    Brand Thunder                                         u,u,u
    Thawte Code Signing CA - Thawte Consulting cc         ,,

NO thawte!

If I then move the dylibs back to /opt/local/bin, I get the extra thawte.

I verified that if I rename the dylibs in /opt/local/bin, the tools don't load, so they are definitely using the versions in /opt/local/bin, not some other version on my system.

So the problem seems to be (figure this one out) that when the NSS/NSPR libs are in /opt/local/bin, they are getting loaded/run incorrectly.

I'm at a loss.

Mike Kaply
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto