Hi folks. I'm having some trouble using CERT_ImportCerts.
A minimal demo of the problem is at
http://kegel.com/cert-import-demo.cc
All this does is take a base 64 cert, decode it, and import it.
I have verified with the sequence
$ mkdir ~/.netscape
$ certutil -N
$ certutil -A -n foo -t "p,p,p" -i ~/root_ca_cert.crt
$ certutil -L -n foo
that the cert embedded in this source file looks
reasonable to my untrained eye. Also, since
Issuer: "O=Cert Test,L=Mountain
View,ST=California,C=US,CN=Test CA"
is the same as
Subject: "O=Cert Test,L=Mountain
View,ST=California,C=US,CN=Test CA"
it should be recognized as a root cert, right?
First problem:
Decoding fails because NSSBase64_DecodeBuffer appears
to barf on the trailing ---END CERTIFICATE---.
Am I using this function properly? It seems to have
code to skip trailing garbage, but evidently it's
too fragile to ignore this common trailer.
Change #if 0 to #if 1 to work around this.
Second problem:
Importing fails. The error is -8187, SEC_ERROR_INVALID_ARGS
Stepping through the code, I think I see it first not believing
it's a root cert, and then complaining that it doesn't recognize
the authority (no surprise there, if it doesn't think it's a root
cert).
Can somebody point out where I'm going wrong?
Thanks!
- Dan
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
