I'm doing some work with stored certs and have a problem which I'm not sure is a bug or an incomplete feature.

Specifically, the API get_cert_nicknames(): when passed the parameter nss.SEC_CERT_NICKNAMES_USER, it returns the list of user certs correctly. However, any other parameter returns nothing at all.

    SEC_CERT_NICKNAMES_CA
    SEC_CERT_NICKNAMES_ALL
    SEC_CERT_NICKNAMES_SERVER

The 3 above return an empty list. I have 2 user certs and 2 valid CA certs in the database. Certutil displays them fine.

I dug into the nss library 'C' source code for the underlying function and found that the 3 items that do not work are surrounded with a #ifdef, whereas the SEC_CERT_NICKNAMES_USER is not. It looks suspiciously as if this code is not actually compiled into the framework. All of the examples and tests are only using the 'USER' flavor as well.

I am storing a server cert, along with a pair of CA certs which are the CA chain of the server cert. I am programmatically given parameters to extract the server cert and private key (that part works fine), but I then need to be able to use the data in that cert to discover the parent certs for it, via the get_cert_nicknames list, where I can then retrieve and compare each to see if they are in the CA chain of the server cert. It appears this is the only way to walk the list of certs in the nssdb from the NSS code.