Hi folks. I'm having some trouble using CERT_ImportCerts. A minimal demo of the problem is at http://kegel.com/cert-import-demo.cc All this does is take a base 64 cert, decode it, and import it.
I have verified with the sequence $ mkdir ~/.netscape $ certutil -N $ certutil -A -n foo -t "p,p,p" -i ~/root_ca_cert.crt $ certutil -L -n foo that the cert embedded in this source file looks reasonable to my untrained eye. Also, since Issuer: "O=Cert Test,L=Mountain View,ST=California,C=US,CN=Test CA" is the same as Subject: "O=Cert Test,L=Mountain View,ST=California,C=US,CN=Test CA" it should be recognized as a root cert, right? First problem: Decoding fails because NSSBase64_DecodeBuffer appears to barf on the trailing ---END CERTIFICATE---. Am I using this function properly? It seems to have code to skip trailing garbage, but evidently it's too fragile to ignore this common trailer. Change #if 0 to #if 1 to work around this. Second problem: Importing fails. The error is -8187, SEC_ERROR_INVALID_ARGS Stepping through the code, I think I see it first not believing it's a root cert, and then complaining that it doesn't recognize the authority (no surprise there, if it doesn't think it's a root cert). Can somebody point out where I'm going wrong? Thanks! - Dan _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto