Re: Unknown Error -8016

207 > ). > > Cheers, > David > > On 03/30/2016 12:49 PM, Nicholas Mainardi wrote: > > Hello, > > > > I am parsing and validating a sample of certificate chains. I am using > > PKIXVerifyCert function, and i check the error code in case it returns > >

Unknown Error -8016

Hello, I am parsing and validating a sample of certificate chains. I am using PKIXVerifyCert function, and i check the error code in case it returns SECFailure. On a chain which is made by only one certificate, I got error -8016. However, I don't find it neither in this list

Re: [NSS] X509 Certificate Chain Verification Example

ll that I check in DB of libnsspcki.so and the trust flags are C,C,C. Hence, which flags are needed in order to be considered trusted? Thank You, Nicholas 2016-02-15 23:41 GMT+01:00 Nicholas Mainardi : > Please, could someone give me a hint about this issue? Deadline for my > testing prog

Re: [NSS] X509 Certificate Chain Verification Example

input chain used in PKIXVerifyCert, and it's properly working. It should mean that the root self-signed certificate should be marked as trusted my softoken DB. Thank You, Nicholas 2016-02-11 1:42 GMT+01:00 Nicholas Mainardi : > I'm quite sure that the certificate should be trusted. I fo

Re: [NSS] X509 Certificate Chain Verification Example

ification, otherwise your verification will always fail. > If you have no trusted CAs, then all verifications will always fail. > > The same will be true whether you are using the legacy chain verification > code in NSS, or libpkix. > > Julien > > On 2/10/2016 05:26, Nichol

Re: [NSS] X509 Certificate Chain Verification Example

with the same input but with the module loaded, the error turns into -8172. Hence, either the aforementioned checks are done after the chain has been built, or the the error is raised when the root cert found in the module is being added to the built chain. Thank You, Nicholas 2016-02-09 18:24

Re: [NSS] X509 Certificate Chain Verification Example

arameter of CERT_PKIXVerifyCert some usages. If someone can point me out why this happens, and confirm the possible issues I have found, it would save me a lot of time. Thank You, Nicholas 2016-02-09 13:57 GMT+01:00 Nicholas Mainardi : > Anyone up for a possible solution? > > 2016-02

Re: [NSS] X509 Certificate Chain Verification Example

Anyone up for a possible solution? 2016-02-06 14:51 GMT+01:00 Nicholas Mainardi : > If I remove cert_pi_certList from the array, invalid_args error turns into > untrusted_issuer error (-8172). So, it seems that even if I don't add the > intermediate CA certificate in certList, the

Re: [NSS] X509 Certificate Chain Verification Example

ly, > your chain is possibly incomplete. > Thus, you don't really want to use cert_pi_certList anyway, as that would > imply no more building. > > I think if you remove the cert_pi_certList, and if you have a trust anchor > in your softoken cert DB, then the rebuilding+valid

Re: [NSS] X509 Certificate Chain Verification Example

support things like policy checks, you can use libpkix . > Look for CERT_PKIXVerifyCert . There are examples of usage in the NSS test > programs vfychain and tstclnt . > The library supports many more options than may be tested, though. > > Julien > > On 2/3/2016 08:37

[NSS] X509 Certificate Chain Verification Example

Hello, I'm comparing different libraries to verify X509 certificate chains. I had some issues to find how to use NSS to perform this task. At the end, I managed to get a working code with one certificate chain. You can find the code in this question