Ian, that is the problem. In fact, when I built the sources and debugged it I found it was failing in pkcs11.c (pk11_searchCerts, line 3980) checking the trust flags for CERTDB_USER.
I got this (temporary) test certificate from verisign and installed it using certutil tool. It's type is "Trusted Client CA". I notice the comment in the code that "we are only interested in permanment user certs here". Can I not use this for testing?. Thanks, Mike "Ian McGreer" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED].; > Mike McIntosh wrote: > > Hi, > > > > I am trying to use nss to provide SSL support for our server application but > > I am falling at first hurdle. > > > > I used the certutil tool to add a certificate (verisign test certificate) to > > database and this was successful. > > > > I have used the sample code sslsample/selfserv as basis for code but I am > > having a problem accessing certificates via PK11_FindCertFromNickname (even > > in the samples). > > > > If I do the following :- > > > > nicknames = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), > > SEC_CERT_NICKNAMES_ALL, 0); > > > > this works and I can see the certificate nickname is there ok. However, when > > I do :- > > > > cert = PK11_FindCertFromNickname(nickname, password); > > > > it returns NULL. > > > > I suspect it may be related to the password callback function which is never > > being called. Is this normal? > > You shouldn't need the password for locating a certificate. What is the > trust of your cert? Are you sure it is a user cert (that is, you have > the key for it in the same profile)? > > -Ian > >
