On Oct 19, 10:49 am, Brian Smith <bsm...@mozilla.com> wrote:
> I will try to help you if you can wrap the code below in a complete program 
> that I can compile and run using Visual Studio 2010.
>
> ----- Original Message -----
> From: "PeachUser" <anupama.jo...@gmail.com>
> To: dev-tech-cry...@lists.mozilla.org
> Sent: Tuesday, October 19, 2010 8:06:33 AM
> Subject: Re: problem Importing certificates in NSS db using Cert_importcerts -
>
> Can somebody please help me?
> Thanks
>
> On Oct 18, 12:32 pm, PeachUser <anupama.jo...@gmail.com> wrote:
> > I am implementing functionality which needs to take trusted root
> > certs from the user and use them to do an SSL handshake.
> > I use CERT_ImportCerts.
> > I read a DER file, get the data and length, create a SECItem and then
> > pass it to CERT_ImportCerts.
> > I am keeping both the "keepcerts" and "isCA" flags true,
> > and I am also passing a nickname.
> > But in the certArray (return value) the cert does not seem to get the
> > nickname.
> > If I do certutil -L, I do not see this cert there.
> > What am I doing wrong? Please let me know. I have spent a lot of days
> > debugging this but can't get anywhere.
> > Thanks in advance.
> > Here is my code:
> > SECItem **rawArray;
> > CERTCertificate **certArray = NULL;
> > SECStatus rv = SECFailure;
> >
> > /* Wrap each user-supplied DER buffer in a SECItem. */
> > for (U32 i = 0; i < m_certs.size(); i++) {
> >     BYTE *buf = m_certs.get(i);
> >     U32 len = m_lenArr.get(i);
> >
> >     SECItem certItem;
> >     certItem.data = buf;
> >     certItem.len = len;
> >     certItem.type = siDERCertBuffer;
> >     trustedCerts[i] = certItem;
> > }
> > PLAYEROUTPUT((" in Add trusted certs after getting certs in trusted certs  -setServerRootCertificate\n"));
> >
> > /* CERT_ImportCerts takes an array of pointers to the SECItems. */
> > rawArray = (SECItem **) PORT_Alloc(sizeof(SECItem *) * (m_certs.size()));
> > PLAYEROUTPUT((" in Add trusted certs -allocating memory - setServerRootCertificate\n "));
> > if (!rawArray) {
> >     PLAYEROUTPUT((" NO Raw Array \n"));
> > } else {
> >     for (U32 i = 0; i < m_certs.size(); i++) {
> >         rawArray[i] = &trustedCerts[i];
> >     }
> >     PLAYEROUTPUT((" in Add trusted certs - raw array populated - setServerRootCertificate\n"));
> >
> >     /* The last three arguments are keepCerts, caOnly and the nickname. */
> >     char nickname[] = "UserRootCert";
> >     rv = CERT_ImportCerts(CERT_GetDefaultCertDB(), certUsageSSLServer,
> >                           m_certs.size(), rawArray, &certArray,
> >                           PR_TRUE, PR_TRUE, nickname);
> >     if (rv != SECSuccess) {
> >         PLAYEROUTPUT((" unable to insert certificate in DB - setServerRootCertificate\n "));
> >     } else if (certArray == NULL) {
> >         PLAYEROUTPUT((" unable to insert certificate in DB certArray is null -setServerRootCertificate\n "));
> >     } else if (certArray[0] == NULL) {
> >         PLAYEROUTPUT((" unable to insert certificate in DB certArray[0] is null -setServerRootCertificate\n "));
> >     }
> > }
> >
> > /* Only change trust when the import returned a certificate;
> >    otherwise certArray[0] must not be dereferenced. */
> > if (rv == SECSuccess && certArray != NULL && certArray[0] != NULL) {
> >     CERTCertTrust *trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
> >     char trustsetting[] = "c,c,c";
> >     rv = (trust != NULL) ? CERT_DecodeTrustString(trust, trustsetting) : SECFailure;
> >     if (rv != SECSuccess) {
> >         PLAYEROUTPUT(("unable to decode trust string"));
> >     } else {
> >         /* Apply the decoded trust flags to the first imported cert. */
> >         for (U32 i = 0; i < 1; i++) {
> >             CERTCertificate *cert1 = certArray[i];
> >             rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert1, trust);
> >             if (rv != SECSuccess) {
> >                 PLAYEROUTPUT(("could not change trust on certificate"));
> >             }
> >         }
> >     }
> > }
>
> --
> dev-tech-crypto mailing list
> dev-tech-cry...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto

I am using NSS on Linux as a part of a bigger project. To implement
similar functionality on Windows I used Windows system APIs. If you
have any working example, please share it with me.
Thanks
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
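
The thread's first step is reading a user-supplied DER file and wrapping its bytes in a SECItem of type siDERCertBuffer. The following is an added example, not code from the thread or from NSS: a pre-import check that the buffer is exactly one DER SEQUENCE whose encoded length matches the byte count, which rejects PEM text, truncated reads and trailing data. The helper name `der_cert_envelope_check`, its result codes and the 4-octet length limit are assumptions made for this example; it checks only the outer envelope, not the certificate contents.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for the hypothetical helper below (not an NSS API). */
enum der_check { DER_OK = 0, DER_TOO_SHORT, DER_NOT_SEQUENCE, DER_BAD_LENGTH, DER_LEN_MISMATCH };

/* Check that buf[0..len) is exactly one DER SEQUENCE: tag 0x30, a minimal
 * definite length, and header + content length equal to len. */
enum der_check der_cert_envelope_check(const uint8_t *buf, size_t len)
{
    size_t content = 0, hdr = 2;

    if (buf == NULL || len < 2)
        return DER_TOO_SHORT;
    if (buf[0] != 0x30)                     /* PEM text starts with '-' */
        return DER_NOT_SEQUENCE;
    if (buf[1] < 0x80) {                    /* short form: 0..127 */
        content = buf[1];
    } else {
        size_t n = buf[1] & 0x7f;           /* number of length octets */
        if (n == 0 || n > 4)                /* 0x80 is indefinite; >4 assumed oversized */
            return DER_BAD_LENGTH;
        if (len < 2 + n)
            return DER_TOO_SHORT;
        if (buf[2] == 0)                    /* leading zero octet: not minimal */
            return DER_BAD_LENGTH;
        for (size_t i = 0; i < n; i++)
            content = (content << 8) | buf[2 + i];
        if (content < 0x80)                 /* short form was required */
            return DER_BAD_LENGTH;
        hdr = 2 + n;
    }
    if (content != len - hdr)               /* truncated file or trailing bytes */
        return DER_LEN_MISMATCH;
    return DER_OK;
}

int main(void)
{
    /* Constructed samples, not real certificates. */
    const uint8_t ok[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
    const uint8_t pem[] = "-----BEGIN CERTIFICATE-----";
    printf("%d %d\n", der_cert_envelope_check(ok, sizeof ok),
           der_cert_envelope_check(pem, sizeof pem - 1));
    return 0;
}
```

Running the check on each buffer before filling the SECItem separates "the file is not DER" from problems inside the import call itself.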
