On 2009-09-25 18:17 , Robert Relyea wrote: > On 09/25/2009 04:39 PM, Kathleen Wilson wrote: >> Note that I am operating under the assumption that there is currently >> no way in NSS to mark a root certificate as “untrusted”. Please let me >> know if this assumption is incorrect. >> > There are 3 states we can report about a certificate: trusted, unknown, > and untrusted.
Bob, I suggest you look at this bug. https://bugzilla.mozilla.org/show_bug.cgi?id=distrust In short, it says that, while we have code in softoken that knows how to record (in legacy DBs) that a cert is actively distrusted, we don't know how to represent that or handle it outside of softoken. /N -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
