I am working on what should be (or so I thought) a simple program to
update a web site certificate in the mod_nss database (when a new
certificate is retrieved from Let's Encrypt).

The basic process I am using is:

  1. Initialize the library
  2. Parse the new certificate (from a PEM file)
  3. Delete any pre-existing certificates
  4. Import the new certificate
  5. Shut down the library

(Apache is shut down during this process, so concurrent access shouldn't
be an issue.)

It seems simple enough, but step #3 is proving to be difficult.  In my
testing, I have found that any of the *_FindCerts*Nickname functions
are returning SEC_ERROR_BAD_DATABASE in the case when there are no pre-
existing certificates.

How can I distinguish between the "no such certificate exists" case
and the "your database is corrupt" case?

--
========================================================================
Ian Pilcher                                         arequip...@gmail.com
-------- "I grew up before Mark Zuckerberg invented friendship" --------
========================================================================

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
