So, I've got some code that works, but I know it is
not quite the right way to do it, so any pointers
would be helpful. Basic scenario is this:
Given the name of a known module, say, "foo" I want
to enumerate over each slot in only that module to find the
cert that I need. This is for SSL client auth. And the
reason for specifying a specific module is so that other
modules present in the config are ignored.
So, I've started off with sample code in the SSLSample
application in NSS and modified from there (i.e., setting
up my own SSL Get Client AuthData callback). The basic
logic in the code is:
1. Find module from known name using
SECMOD_FindModule
2. Iterate over the slots in the module specifically
using the "slots" and "slotCount" entries within
the SECMODModule data structure.
3. For each slot:
3a. I check if it is present, and if it
is make sure it is logged in to.
3b. Call PK11_ListCertsInSlot to get the
list of certs in the slot. I then
iterate over them until one matches
the required criteria.
4. If a certificate that matches the criteria is
found, retrieve the private key using
PK11_FindKeyByAnyCert.
5. At this point, if a cert was found, I have both
a reference to the certificate and a reference
to the private key. However, upon freeing the
list acquired in step (3b) using CERT_DestroyCertList
my reference to the certificate found also becomes
invalid.
The question is, what is the best way, given the scenario,
to keep a valid reference to the certificate? I can easily
call PK11_GetCertFromPrivateKey, but that seems silly.
Thoughts? If there is a better way to approach the scenario
in general, I am all ears.
It's been a while since I've gotten my hands in this deep.
Thanks,
-jim spring
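
Added example, not part of the original message and not NSS code: a self-contained C model of the reference-counting rule behind step 5. All types and functions are hypothetical stand-ins; it assumes, as in NSS, that the list holds one reference per certificate and that the caller takes its own reference (CERT_DupCertificate, released later with CERT_DestroyCertificate) before the list is destroyed.

```c
/* Model of NSS-style cert reference counting; every name is a stand-in. */
#include <stdlib.h>
#include <string.h>
typedef struct { int refcount; char nickname[32]; } Cert;
typedef struct Node { Cert *cert; struct Node *next; } Node;
static int live_certs = 0;   /* certs currently allocated, for checking */

static Cert *cert_new(const char *nick) {
    Cert *c = calloc(1, sizeof *c);
    if (!c) return NULL;
    c->refcount = 1;
    strncpy(c->nickname, nick, sizeof c->nickname - 1);
    live_certs++;
    return c;
}
/* Models CERT_DupCertificate: take one more reference. */
static Cert *cert_dup(Cert *c) { c->refcount++; return c; }
/* Models CERT_DestroyCertificate: drop one reference, free at zero. */
static void cert_destroy(Cert *c) {
    if (c && --c->refcount == 0) { live_certs--; free(c); }
}
/* The list takes over the caller's reference to c. */
static Node *list_push(Node *head, Cert *c) {
    Node *n = c ? malloc(sizeof *n) : NULL;
    if (!n) { cert_destroy(c); return head; }
    n->cert = c;
    n->next = head;
    return n;
}
/* Models CERT_DestroyCertList: releases each node's reference. */
static void list_destroy(Node *head) {
    while (head) {
        Node *next = head->next;
        cert_destroy(head->cert);
        free(head);
        head = next;
    }
}
/* Steps 3b-5: search the list and keep the match valid afterwards. */
static Cert *find_and_keep(const char *wanted) {
    Node *list = list_push(NULL, cert_new("constructed-ca"));
    Cert *found = NULL;
    list = list_push(list, cert_new("constructed-client"));
    for (Node *n = list; n && !found; n = n->next)
        if (strcmp(n->cert->nickname, wanted) == 0)
            found = cert_dup(n->cert);   /* our own reference */
    list_destroy(list);                  /* only the list's refs are dropped */
    return found;                        /* caller must cert_destroy() it */
}
```

Without the `cert_dup` call, `list_destroy` would drop the last reference and the returned pointer would dangle, which is the behaviour described in step 5.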