On Sat, Aug 11, 2012 at 5:37 AM, Gökçen Eraslan
<gokcen.eras...@gmail.com> wrote:
>
> When I traced the code I see that  sec_pkcs7_create_signed_data call
> returns successfully but sec_pkcs7_add_signer fails.
>
> Trace is like that:
>
> sec_pkcs7_add_signer -> CERT_VerifyCertificate -> CERT_VerifyCertChain
> -> CERT_FindBasicConstraintExten -> cert_FindExtension
>
> and finally cert_FindExtensionByOID function returns
> SEC_ERROR_EXTENSION_NOT_FOUND.
>
> My full patch is here: http://pastebin.ca/2179231
>
> Can anybody help me about that error? I need to create a PKCS7 object
> and encoded it via SEC_PKCS7Encode. May my certificate be the problem?

Perhaps the CA certificate of your signing certificate does not have
the basic constraint extension?  That's what I concluded from the call
stack you provided and the SEC_ERROR_EXTENSION_NOT_FOUND error code.

Also, it's better to use the new CMS functions in
mozilla/security/nss/lib/smime instead of the old PKCS7 functions.

Wan-Teh
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to