[EMAIL PROTECTED] wrote, On 2008-11-02 14:40:

> In a previous post I got recommended to use PK11SlotInfos instead of
> CERTCertDBHandles.
> 
> But in order to use the OCSP functions I need to obtain a
> CERTCertDBHandle, so I assume I have to go with the default cert
> database. Am I right? 

Yes, and no.  Remember that in NSS 3.x, the thing named CERTCertDBHandle
is not a handle to a cert DB at all.  It is a handle to a trust domain.
A trust domain includes all the cert DBs on which a single user relies.

While it is conceptually possible for a single process to have multiple
trust domains, for the case where that one process acts on behalf of
multiple individual users independently of one another, such as in the case
of a server acting as multiple virtual servers, in practice, (especially in
the browser case) there is only ever one trust domain in use, and the
function that returns the "default cert DB handle" actually returns the
handle of the user's trust domain.

> Or is there any other way to create a brand new
> CERTCertDBHandle with my own certificates?

Just call the function that returns the handle of the default trust domain.
You won't regret it.

/Nelson
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
