I am implementing functionality that takes trusted root certificates from the user and uses them for the SSL handshake. I use CERT_ImportCerts: I read a DER file, get the data and its length, create a SECItem, and pass it to CERT_ImportCerts. I set both the "keepcerts" and "isCA" flags to true, and I also pass a nickname. However, the certificate in the returned CertArray does not seem to get the nickname, and when I run certutil -L I do not see the certificate listed. What am I doing wrong? Please let me know. I have spent many days debugging this but cannot get anywhere. Thanks in advance.

Here is my code:

SECItem ** rawArray; CERTCertificate ** certArray = NULL; for(U32 i=0; i<m_certs.size(); i++){
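// Body of the loop opened on the previous line: wrap each caller-supplied DER
// buffer in a SECItem. Only the pointer is stored, so the buffers returned by
// m_certs.get() must remain valid until the import below has completed.
    BYTE *buf = m_certs.get(i);
    U32 len = m_lenArr.get(i);
    SECItem certItem;
    certItem.type = siDERCertBuffer;
    certItem.data = buf;
    certItem.len = len;
    // NOTE(review): trustedCerts is declared outside this excerpt; assumes it
    // has room for m_certs.size() entries - confirm.
    trustedCerts[i] = certItem;
}
PLAYEROUTPUT((" in Add trusted certs after getting certs in trusted certs -setServerRootCertificate\n"));

// Locals are declared before the first failure point so that each later step
// can be skipped cleanly instead of dereferencing a NULL pointer.
char nickname [] = "UserRootCert";
// Trust flags are "SSL,email,object-signing". 'C' marks the certificate as a
// trusted CA for issuing server certificates. The previous value "c,c,c" only
// marked it as a *valid* CA for all three usages, which does not make it a
// trust anchor. The email and object-signing fields stay empty so that a
// user-supplied root gains no trust beyond TLS server verification.
char trustsetting [] = "C,,";
SECStatus rv = SECFailure;
CERTCertTrust *trust = NULL;
CERTCertificate *cert1 = NULL;
PRBool imported = PR_FALSE;

rawArray = (SECItem **) PORT_Alloc(sizeof(SECItem *) * (m_certs.size()));
PLAYEROUTPUT((" in Add trusted certs -allocating memory - setServerRootCertificate\n "));

if (!rawArray) {
    // Previously execution continued and wrote through the NULL pointer.
    PLAYEROUTPUT((" NO Raw Array \n"));
} else {
    for (U32 i = 0; i < m_certs.size(); i++) {
        rawArray[i] = &trustedCerts[i];
    }
    PLAYEROUTPUT((" in Add trusted certs - raw array populated - setServerRootCertificate\n"));

    // NOTE(review): how NSS was initialised is not shown here. A database
    // opened read-only (NSS_Init) or no database at all (NSS_NoDB_Init) would
    // not be expected to persist the import, and certutil -L must be pointed
    // (-d) at the same database directory - confirm both.
    // NOTE(review): when more than one CA certificate is imported in a single
    // call, NSS appears to ignore the supplied nickname and derive one from
    // each certificate instead - verify against the NSS version in use.
    rv = CERT_ImportCerts(CERT_GetDefaultCertDB(), certUsageSSLServer,
                          m_certs.size(), rawArray, &certArray,
                          PR_TRUE, PR_TRUE, nickname);

    // The pointer table is only needed for the duration of the call.
    PORT_Free(rawArray);
    rawArray = NULL;

    if (rv != SECSuccess) {
        PLAYEROUTPUT((" unable to insert certificate in DB - setServerRootCertificate\n "));
    } else if (certArray == NULL) {
        PLAYEROUTPUT((" unable to insert certificate in DB certArray is null -setServerRootCertificate\n "));
    } else if (certArray[0] == NULL) {
        PLAYEROUTPUT((" unable to insert certificate in DB certArray[0] is null -setServerRootCertificate\n "));
    } else {
        imported = PR_TRUE;
    }
}

// Trust is only assigned when the import produced at least one certificate.
if (imported) {
    trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
    if (!trust) {
        PLAYEROUTPUT(("unable to allocate trust record"));
    } else {
        rv = CERT_DecodeTrustString(trust, trustsetting);
        if (rv != SECSuccess) {
            // Do not apply a trust record that failed to decode.
            PLAYEROUTPUT(("unable to decode trust string"));
        } else {
            // The original loop stopped after the first certificate, leaving
            // any further imported roots without trust settings.
            // NOTE(review): assumes certArray has m_certs.size() slots with
            // the successfully decoded certificates first and NULL after
            // them - confirm against the NSS version in use.
            for (U32 i = 0; i < m_certs.size(); i++) {
                cert1 = certArray[i];
                if (cert1 == NULL) {
                    break;
                }
                rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert1, trust);
                if (rv != SECSuccess) {
                    PLAYEROUTPUT(("could not change trust on certificate"));
                }
            }
        }
        PORT_Free(trust);
        trust = NULL;
    }
}

// NOTE(review): certArray still holds certificate references returned by
// CERT_ImportCerts; release them with CERT_DestroyCertArray once no later
// code needs them.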