Re: create certificate problem
POC wrote:
> Would it be possible to have the following 2 functions added to the next version of the NSS public API: CERT_CreateCertificate; CERT_CreateValidity;
> Ian McGreer indicates that the 1st function will make it in NSS 3.5. What about the 2nd one? It too would be most useful in creating a certificate...

Both of these functions were added to the NSS public API in NSS 3.5. You can download the latest NSS 3.6 release (just announced today) and they will be there.

Wan-Teh
Re: create certificate problem
Would it be possible to have the following 2 functions added to the next version of the NSS public API: CERT_CreateCertificate; CERT_CreateValidity;

Ian McGreer indicates that the 1st function will make it in NSS 3.5. What about the 2nd one? It too would be most useful in creating a certificate...

Also, where on mozilla's Web site can I find a time table for future NSS releases (e.g., NSS 3.5)?

-- POC
Re: create certificate problem
POC wrote:
> Would it be possible to have the following 2 functions added to the next version of the NSS public API: CERT_CreateCertificate; CERT_CreateValidity;
> Ian McGreer indicates that the 1st function will make it in NSS 3.5. What about the 2nd one? It too would be most useful in creating a certificate...
> Also, where on mozilla's Web site can I find a time table for future NSS releases (e.g., NSS 3.5)?
> -- POC

Both of these functions are exported in NSS 3.5 and above. NSS 3.6 was just released, and is already a part of the Mozilla browser. You can pull the source tree from NSS_3_6_BRANCH.

As far as the Mozilla web site, http://www.mozilla.org/projects/security/pki/nss/ is the address. It doesn't seem that we have any info about anything past 3.4. So here is what's missing.

NSS 3.5 was a release for the Mozilla browser only. No other products are known to use it. You can pull it from NSS_3_5_BRANCH if interested.

NSS 3.6 is a release for a broader range of products, and contains many performance enhancements, in particular with revocation (CRLs). See http://www.mozilla.org/projects/security/pki/nss/nss-3.6/nss-3.6-plan.html. It doesn't appear there is a link to that document from anywhere else on Mozilla.

FYI, here is what we are working on now, though the feature list for NSS 3.7 is still subject to change: http://www.mozilla.org/projects/security/pki/nss/nss-3.7/nss-3.7-plan.html
Re: create certificate problem
On Sat, 28 Sep 2002 19:37:47 -0400, Jingyu Liu wrote:
> Hi all, I tried to use CERT_CreateCertificate(...) to create a certificate, but I got a link error which says this function is not in nss3.lib. What happens to this function? If I want to create a certificate, what API should I use?

That is the correct function. It was not exported from nss3.lib until NSS 3.5.

> Now I implement my own MyCERT_CreateCertificate(...) by copying the source code of CERT_CreateCertificate in LXR. It looks like it works, but the problem is: if I sign the certificate with CA's private key, then CERT_VerifyCert would succeed; but if I sign the certificate with user's private key (which is created when creating a certificate request), CERT_VerifyCert never succeeds. This is weird since certificate is supposed to be signed with user's private key, because only user's public key info is in the certificate. Signing it with CA's private key should not work. Am I right?

No. Certificates are signed with the CA's private key. You might want to read this document: http://developer.netscape.com/docs/manuals/security/pkin/index.htm

-Ian
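The behaviour discussed in the message above, as an added example that is not part of any post in this thread and is not NSS code: a verifier checks a certificate's signature with the issuer's public key, so only a signature made with the CA's private key verifies against the CA. It uses textbook RSA over fixed Mersenne primes purely for illustration; the `Cert` layout, the names and both keys are constructed assumptions.

```python
# Added illustration: textbook RSA with fixed Mersenne primes. NOT secure, NOT NSS.
import hashlib
from dataclasses import dataclass, replace

E = 65537  # public exponent shared by both constructed keys

def make_key(p, q):
    """Return (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    subject_n: int  # the subject's PUBLIC key is the only user key in the cert
    sig: int = 0

    def tbs(self):
        """Bytes covered by the signature (everything except the signature)."""
        return f"{self.subject}|{self.issuer}|{self.subject_n}".encode()

def issue(subject, subject_n, issuer, signer_n, signer_d):
    unsigned = Cert(subject, issuer, subject_n)
    return replace(unsigned, sig=sign(unsigned.tbs(), signer_n, signer_d))

def verify_cert(cert, issuer_n):
    """Check the signature with the ISSUER's public key, as a chain verifier does."""
    return pow(cert.sig, E, issuer_n) == digest(cert.tbs(), issuer_n)

# Constructed keys (hypothetical CA and user).
CA_N, CA_D = make_key(2**61 - 1, 2**89 - 1)
USER_N, USER_D = make_key(2**107 - 1, 2**127 - 1)

ca_signed = issue("user", USER_N, "Test CA", CA_N, CA_D)
user_signed = issue("user", USER_N, "Test CA", USER_N, USER_D)
tampered = replace(ca_signed, subject_n=CA_N)  # key swapped after issuance

def outcomes():
    return {
        "ca_signed under CA key": verify_cert(ca_signed, CA_N),
        "user_signed under CA key": verify_cert(user_signed, CA_N),
        "user_signed under user key": verify_cert(user_signed, USER_N),
        "tampered under CA key": verify_cert(tampered, CA_N),
    }

if __name__ == "__main__":
    for case, ok in outcomes().items():
        print(f"{case}: {ok}")
```

The user-signed certificate verifies only against the user's own key, which makes it self-signed: it shows possession of that key and nothing about who vouches for the name in it.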
create certificate problem
Hi all,

I tried to use CERT_CreateCertificate(...) to create a certificate, but I got a link error which says this function is not in nss3.lib. What happens to this function? If I want to create a certificate, what API should I use?

Now I implement my own MyCERT_CreateCertificate(...) by copying the source code of CERT_CreateCertificate in LXR. It looks like it works, but the problem is: if I sign the certificate with CA's private key, then CERT_VerifyCert would succeed; but if I sign the certificate with user's private key (which is created when creating a certificate request), CERT_VerifyCert never succeeds. This is weird since certificate is supposed to be signed with user's private key, because only user's public key info is in the certificate. Signing it with CA's private key should not work. Am I right?

Can anybody give some hints? Thanks a lot!!!

Regards,
Jingyu