On 01/09/2015 08:07 AM, Roger Dunn wrote:
> I need to enumerate the certs in my local store, and in my testing,
> only user certs can be enumerated using the get_cert_nicknames API.
> It also appears to be the only exposed API for listing certs in the
> db. I'm using the ver 0.12 version of python-nss.
> 
> The function get_cert_nicknames takes a parameter which lists ALL
> certs, USER certs, CA certs, SERVER certs. I have a mix of user and
> valid CA certs in my nssdb, and the only flag that works is
> "nss.SEC_CERT_NICKNAMES_USER", and does indeed return my user certs.
> 
> I'm unable to programmatically discover other certs using this API.
> 
> After reviewing the NSS 'C' source code, I noticed a #ifdef
> surrounding the sections that handle the other 3 cases. Is this
> functional, and if not, is there some other mechanism to enumerate
> the certs?
> 

There was an almost identical question posted last night by
tahoeki...@gmail.com with the subject "nss-python issue". I assume this
is a duplicate post by the same person, yes or no?

In any event, if you tracked the problem down to a specific location in
the source code, it would help if you included that information. I
located the problematic code:

file: lib/certhigh/certhigh.c
line: 371
function: CollectNicknames

I have no idea why this logic is commented out.

FWIW I did code up a simple python-nss test and reproduced the behavior.
The problem has nothing to do with python-nss. python-nss simply calls
the NSS function CERT_GetCertNicknames(). Maybe one of the core NSS
developers can shed light on why the code is commented out. My
suggestion would be to file a bug against NSS.

https://bugzilla.mozilla.org/enter_bug.cgi?format=guided#h=bugForm|NSS|Libraries

-- 
John
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
