Rich Megginson wrote:
I've been looking at the problem of different libraries/different clients each with their own private key/cert db in a single process (for example, the Thunderbird ldap/nss_ldap problem). In this case, the user may want nss_ldap to keep its certs and keys (including ca certs) separate from those used by Thunderbird. I think it could work by first creating a token based on a unique key (e.g. to use the openldap config directives, a unique combination of cacertfile, cacertdir, certfile, and keyfile). Then call SECMOD_OpenUserDB() to create a private db based on that token, and import CA certs into this db (from pem files, for example). This function returns a PK11SlotInfo * - how do you get a CERTCertDBHandle * given that slot pointer? If I get this, I think I can use this to import certs, use for various VerifyCert functions, and even pass to SSL_CertDBHandleSet to use this cert DB for SSL.
Err, are you trying to get a new CERTCertDBHandle? The function is an anachronism from an interface design that was never implemented. Once you call SECMOD_OpenUserDB(), all the certs and keys in the db are available for you to use (well, you'll have to authenticate to it to get access to the keys).

The VerifyCert function will automatically pick up those certs to use.

bob


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
