POC wrote:
Hello,

The addbuiltin cmd creates a certdata.txt, which is then used to build
the nssckbi lib. A couple of things about that:

1. The new certdata.txt does not get processed properly by
certdata.perl (when doing the "gmake generate" in
mozilla\security\nss\lib\ckfw\builtins); but got it to work (i.e., the
certdata.c file gets created and I can gmake the nssckbi lib) by
manually adding the CVS_ID at the top of the certdata.txt file; but
there's still a problem with the perl script; here's the error
message:

Name "main::a" used only once: possible typo at certdata.perl line
212.
Can't do inplace edit: < is not a regular file at certdata.perl line
48.

The addbuiltin command does not "create" certdata.txt. It is meant to "add" to certdata.txt. There is some special text, including the cvsid, at the beginning of that file that needs to be processed by the script. As noted in addbuiltin.c, the correct usage is "addbuiltin ... >> certdata.txt".

2. The trust flags specified when running addbuiltin do not stay the
same after listing the cert with certutil: E.g., I specified trust
flags "c,," when running addbuiltin, but certutil shows "p,p,p" when
listing the cert...

That sounds like a bug. It appears that addbuiltin does not support valid CA trust (probably because that value was added later).

-Ian

