2010/1/18 Kai Chan <[email protected]>:
> Hi,
>
> In cert.h
> (http://mxr.mozilla.org/security/source/security/nss/lib/certdb/cert.h#714),
> there is a line about obsolete functions:
> **OLD OBSOLETE FUNCTIONS with enum SECCertUsage - DO NOT USE FOR NEW
> CODE
>
> And also in certvfy.c
> (http://mxr.mozilla.org/security/source/security/nss/lib/certhigh/certvfy.c#1533):
> /* obsolete, do not use for new code */
>
> That's all functions below those lines that use SECCertUsage? What version
> would you be expecting to phase them out?

The comment means you should use CERT_VerifyCertificate and CERT_VerifyCertificateNow instead if you're writing new code:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/certdb/cert.h&rev=1.79&mark=684,692,699#683

CERT_VerifyCert and CERT_VerifyCertNow will not be removed. Would "deprecated" be less confusing than "obsolete"?

I also encourage you to try the new CERT_PKIXVerifyCert function. It is very hard to use, and has some bugs, but it supports RFC 5280 better. The best sample code for CERT_PKIXVerifyCert is in Chromium because Firefox uses CERT_PKIXVerifyCert only for EV certificate verification:
http://src.chromium.org/viewvc/chrome/trunk/src/net/base/x509_certificate_nss.cc?view=log

Wan-Teh

