DanKegel wrote, On 2008-11-20 16:23: > Hi folks. I'm having some trouble using CERT_ImportCerts. > A minimal demo of the problem is at > http://kegel.com/cert-import-demo.cc
> First problem: > Decoding fails because NSSBase64_DecodeBuffer appears > to barf on the trailing ---END CERTIFICATE---. > Am I using this function properly? No. That function isn't a PEM decoder. It's a base64 decoder. Base64 is the format of the stuff in between a typical -----BEGIN and -----END line that you find in PEM files. To use that function properly you need to strip off the leading and trailing lines from your buffer. Stripping off merely part of your last line (as the sample code does) isn't enough. > It seems to have code to skip trailing garbage, but evidently it's too > fragile to ignore this common trailer. It's supposed to process only pure base64-encoded data. The typical PEM trailer -----END <whatever>----- isn't base64 encoding. It's appropriate for the base64 decoder to dislike that. > Second problem: > Importing fails. The error is -8187, SEC_ERROR_INVALID_ARGS > Stepping through the code, I think I see it first not believing > it's a root cert, and then complaining that it doesn't recognize > the authority (no surprise there, if it doesn't think it's a root > cert). When I change the sample program so that cert_text no longer contains the -----BEGIN and -----END lines, and so that the value assigned to len no longer includes the trailing NUL character, then when I run the program, it outputs: Loaded certificate! _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
