Thanks, I changed the trust settings as you suggested and now I don't get the problem.
Mike "Robert Relyea" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED].; > > > Mike McIntosh wrote: > > Ian, that is the problem. > > > > In fact, when I built the sources and debugged it I found it was failing in > > pkcs11.c (pk11_searchCerts, line 3980) checking the trust flags for > > CERTDB_USER. > > > > I got this (temporary) test certificate from verisign and installed it using > > certutil tool. It's type is "Trusted Client CA". I notice the comment in the > > code that "we are only interested in permanment user certs here". Can I not > > use this for testing?. > > > > Thanks, > > Mike > > If the private key is stored in your database, you can. When you used > certutil to import it, it was imported as a non-user cert. You can fix > this by explicitly setting the user bits (u,u,u) on the cert with the > change trust flags. > > If you do not have the private key in your database, you cannot look up > the cert with the PK11_FindCertByNickname call because the internal > token only exports user certs in NSS 3.3 or earlier. That is not an > issue in NSS 3.4. > > > > > > > > > "Ian McGreer" <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED].; > > > >>Mike McIntosh wrote: > >> > >>>Hi, > >>> > >>>I am trying to use nss to provide SSL support for our server application > >>> > > but > > > >>>I am falling at first hurdle. > >>> > >>>I used the certutil tool to add a certificate (verisign test > >>> > > certificate) to > > > >>>database and this was successful. > >>> > >>>I have used the sample code sslsample/selfserv as basis for code but I > >>> > > am > > > >>>having a problem accessing certificates via PK11_FindCertFromNickname > >>> > > (even > > > >>>in the samples). > >>> > >>>If I do the following :- > >>> > >>> nicknames = CERT_GetCertNicknames(CERT_GetDefaultCertDB(), > >>>SEC_CERT_NICKNAMES_ALL, 0); > >>> > >>>this works and I can see the certificate nickname is there ok. However, > >>> > > when > > > >>>I do :- > >>> > >>>cert = PK11_FindCertFromNickname(nickname, password); > >>> > >>>it returns NULL. > >>> > >>>I suspect it may be related to the password callback function which is > >>> > > never > > > >>>being called. Is this normal? > >>> > >>You shouldn't need the password for locating a certificate. What is the > >>trust of your cert? Are you sure it is a user cert (that is, you have > >>the key for it in the same profile)? > >> > >>-Ian > >> > >> > >> > > > > >
