Hello,
I was reading
http://www.mozilla.org/projects/security/pki/nss/loadable_certs.html and the
"sample code for installing the module". @ questions about this:
1. Shouldn't it read:
...
if (hasroot == PR_FALSE) {
dll_path = yourFindrootCertModuleInYourInstallTree();
SECMOD_AddNewModule("Root Certs",dll_path, 0, 0);
}
instead of
if (hasroot) {
dll_path = yourFindrootCertModuleInYourInstallTree();
SECMOD_AddNewModule("Root Certs",dll_path, 0, 0);
}
Don't you want to install "Root Certs" if there are no root cert module
already installed?
2. In the "Sample code to ge the certs with module loaded": the
PK11_GetAllTokens function is not in the NSS3.3 public function. I'm
guessing it will be there in NSS3.4?
Also more generally:
1. Where could I find sample code for building a PK11 module with custom
list of CAs?
2. One is not restricted to *Root* CAs only, but should be allowed to add
any cert to the PK11 module and have NSS recognize it, correct?
3. Does NSS still see all CA including the ones on any loaded PK11 module,
with a call to CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
SEC_CERT_NICKNAMES_CA, NULL)?
-- P
