I will try to help you if you can wrap the code below in a complete program 
that I can compile and run using Visual Studio 2010.

----- Original Message -----
From: "PeachUser" <anupama.jo...@gmail.com>
To: dev-tech-crypto@lists.mozilla.org
Sent: Tuesday, October 19, 2010 8:06:33 AM
Subject: Re: problem Importing certificates in NSS db using Cert_importcerts -

Can somebody please help me?
Thanks

On Oct 18, 12:32 pm, PeachUser <anupama.jo...@gmail.com> wrote:
> I am implementing functionality which needs to take trusted root
> certs from the user and use them to do an SSL handshake.
> I use CERT_ImportCert.
> I read a DER file, get the data and length, create a SECItem and then
> pass it to CERT_ImportCerts.
> I am keeping both the "keepcerts" and "isCA" flags true,
> and I am also passing a nickname.
> But in the CertArray (return value) the cert does not seem to get the
> nickname.
> If I do certutil -L, I do not see this cert there.
> What am I doing wrong? Please let me know. I have spent a lot of days
> debugging this but can't get anywhere.
> Thanks in advance.
> Here is my code:
>     SECItem ** rawArray;
>     CERTCertificate ** certArray = NULL;
>     for(U32 i=0; i<m_certs.size(); i++){
>
>         BYTE *buf = m_certs.get(i);
>         U32 len = m_lenArr.get(i);
>
>         SECItem certItem;
>
>         certItem.data = buf;
>         certItem.len = len;
>         certItem.type = siDERCertBuffer;
>         trustedCerts[i] = certItem;
>
>     }
>
>     PLAYEROUTPUT((" in Add trusted certs after getting certs in trusted certs  -setServerRootCertificate\n"));
>
>     rawArray = (SECItem **) PORT_Alloc(sizeof(SECItem *) * (m_certs.size()));
>     PLAYEROUTPUT((" in Add trusted certs -allocating memory - setServerRootCertificate\n "));
>     if(! rawArray) {
>         PLAYEROUTPUT((" NO Raw Array \n"));
>     }
>     for(U32 i =0 ; i < m_certs.size() ; i++ ){
>         rawArray[i] = &trustedCerts[i];
>     }
>     PLAYEROUTPUT((" in Add trusted certs - raw array populated - setServerRootCertificate\n"));
>     char  nickname [] = "UserRootCert";
>     SECStatus rv = CERT_ImportCerts(CERT_GetDefaultCertDB(),certUsageSSLServer,m_certs.size(),rawArray,&certArray,
>                     PR_TRUE,PR_TRUE,nickname);
>     if(rv != SECSuccess ){
>         PLAYEROUTPUT((" unable to insert certificate in DB - setServerRootCertificate\n "));
>     }
>     else if(certArray == NULL ){
>         PLAYEROUTPUT((" unable to insert certificate in DB certArray is null -setServerRootCertificate\n "));
>     }
>     else if( certArray[0] ==NULL){
>         PLAYEROUTPUT((" unable to insert certificate in DB certArray[0] is null -setServerRootCertificate\n "));
>     }
>
>     CERTCertTrust *trust = NULL;
>     trust = (CERTCertTrust *)PORT_ZAlloc(sizeof(CERTCertTrust));
>     char    trustsetting []= "c,c,c";
>     rv = CERT_DecodeTrustString(trust, trustsetting);
>     if (rv) {
>         PLAYEROUTPUT(("unable to decode trust string"));
>
>     }
>
>     CERTCertificate *cert1 = NULL;
>
>     for(U32 i=0; i< 1; i++){
>         cert1 = certArray[i];
>         rv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert1, trust);
>         if (rv != SECSuccess) {
>             PLAYEROUTPUT(("could not change trust on certificate"));
>
>         }
>     }

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto