Good deal, thanks. On Sat, Jan 23, 2010 at 1:38 AM, Wan-Teh Chang <w...@google.com> wrote:
> 2010/1/18 Kai Chan <nahc...@gmail.com>: > > Hi, > > > > In cert.h > > ( > http://mxr.mozilla.org/security/source/security/nss/lib/certdb/cert.h#714 > ), > > there is a line about obsolete functions: > > **OLD OBSOLETE FUNCTIONS with enum SECCertUsage - DO NOT USE FOR NEW > > CODE > > > > And also in certvfy.c > > ( > http://mxr.mozilla.org/security/source/security/nss/lib/certhigh/certvfy.c#1533 > ): > > /* obsolete, do not use for new code */ > > > > That's all functions below those lines that use SECCertUsage? What > version > > would you be expecting to phase them out? > > The comment means you should use CERT_VerifyCertificate and > CERT_VerifyCertificateNow instead if you're writing new code: > > http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/certdb/cert.h&rev=1.79&mark=684,692,699#683 > > CERT_VerifyCert and CERT_VerifyCertNow will not be removed. > > Would "deprecated" be less confusing than "obsolete"? > > I also encourage you to try the new CERT_PKIXVerifyCert > function. It is very hard to use, and has some bugs, but it > supports RFC 5280 better. The best sample code for > CERT_PKIXVerifyCert is in Chromium because Firefox > uses CERT_PKIXVerifyCert only for EV certificate > verification: > > http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate_nss.cc?view=log > > Wan-Teh > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto >
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
