Re: [NSS] X509 Certificate Chain Verification Example

CERT_VerifyCertNow is a legacy API that does not support the full set of RFC 3280/5280 features. To support things like policy checks, you can use libpkix . Look for CERT_PKIXVerifyCert . There are examples of usage in the NSS test programs vfychain and tstclnt . The library supports many more

[NSS] X509 Certificate Chain Verification Example

Hello, I'm comparing different libraries to verify X509 certificate chains. I had some issues to find how to use NSS to perform this task. At the end, I managed to get a working code with one certificate chain. You can find the code in this question

Re: [ANNOUNCE] NSS 3.22 Release

Kai Engert wrote: > The NSS team has released Network Security Services (NSS) 3.22, > which is a minor release. > > New functionality: > * RSA-PSS signatures are now supported (bug 1215295) > * Pseudorandom functions based on hashes other than SHA-1 are now supported To clarify: Our PBKDF2 implem

[ANNOUNCE] NSS 3.22 Release

The NSS team has released Network Security Services (NSS) 3.22, which is a minor release. New functionality: * RSA-PSS signatures are now supported (bug 1215295) * Pseudorandom functions based on hashes other than SHA-1 are now supported * Enforce an External Policy on NSS from a config file (bug