I was looking at our CA root list, and a lot of them seem like
"specialist" CAs that would only issue certs for a limited range of
hostnames. Could we formalize this, and have CAs indicate any such
restrictions as part of their application, then enforce it on our end?
That would limit the exte
Is there any public info on what the plans are on updating the trunk NSS tag to
pull in the codesize improvements made recently? Or has it already happened?
Once it happens, I'd like to look at the remaining codesize issues, if any, so
it would be nice if this code ended up on trunk for wider t
Robert Relyea wrote:
> This is correct, NSS will regenerate the CERTCertificate from a
> DERCertificate. Note: if the underlying system has changed (the user has
> editted the trust flags), then deserializing will not produce exactly
> the same CERTCertificate. On the other hand, I don't think y
Kai Engert wrote:
> nsIX509Cert expects the underlying CERTCertificate to be complete and
> valid, and serializing/restoring it based on the DER representation will
> ensure it.
The message I got from Nelson's reply is that the DER representation doesn't
actually capture everything about the CE
Nelson B wrote:
> If all you need is to serialize the certificate itself, just copy the
> DER certificate. If you need any other those other things, then ...
> it's less clear how to do that.
Let me explain more about my use cases. What I am actually working on is
serializing nsPrincipal object
I'm looking into serializing and deserializing principals, and to do this for
certificate principals I would need to be able to save out an nsNSSCertificate.
This means saving a CERTCertificate, in addition to various other things that
I think I know how to save out.
Is there a way to seriali
Nelson Bolyard wrote:
¿Is there any way to revoque this decision?
Edit your prefs.js file
-Boris
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
7 matches
Mail list logo
