On Sat, Aug 11, 2012 at 5:37 AM, Gökçen Eraslan <gokcen.eras...@gmail.com> wrote: > > When I traced the code I see that sec_pkcs7_create_signed_data call > returns successfully but sec_pkcs7_add_signer fails. > > Trace is like that: > > sec_pkcs7_add_signer -> CERT_VerifyCertificate -> CERT_VerifyCertChain > -> CERT_FindBasicConstraintExten -> cert_FindExtension > > and finally cert_FindExtensionByOID function returns > SEC_ERROR_EXTENSION_NOT_FOUND. > > My full patch is here: http://pastebin.ca/2179231 > > Can anybody help me about that error? I need to create a PKCS7 object > and encoded it via SEC_PKCS7Encode. May my certificate be the problem?
Perhaps the CA certificate of your signing certificate does not have the basic constraint extension? That's what I concluded from the call stack you provided and the SEC_ERROR_EXTENSION_NOT_FOUND error code. Also, it's better to use the new CMS functions in mozilla/security/nss/lib/smime instead of the old PKCS7 functions. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto