[EMAIL PROTECTED] wrote:
Hi, Now I have met a problem that I don't know how to read Certificates from Mozilla's certificate database. Those Certs have been installed by PKCS#11 with a hardware-token or software-token and web-installed way. Anyway, I want to get all user's certificate out from Mozilla Cert.db. Now I can't find a better way to finish it with my C++ program in an XPCOM. Would you like to give me a demo or tell me more details document? I hope to receive your favour at an early date.
Thanks!
Kindly regards.
Just to get the semantics clear: NSS does not store certs from other PKCS #11 devices in cert.db. If you are making calls to read certs directly from the database, you will not be able to access certs from these PKCS #11 modules. This is precisely why NSS does not export direct access to these functions. (you have to do a fair amount of work to get to them if that is what you really wanted).
If you are making generic calls to look up the certificates, (CERT_ or PK11_), and those calls don't take a specific slot, NSS will automatically search all the tokens it knows about and has access to. If you are using calls which take a specific slot, then you are responsible for calling those functions on all the slots you are interested in (these functions should really only be used where you have already found the desired slot you wish to operate on -- one common mistake is to call SECMOD_GetInternalDBSlot() and pass that to your function. This scheme should only be used if you *NEVER* want to support other PKCS #11 modules and you only want to work on the internal DB slot).
If you are calling generic cert lookup functions which don't take a specific slot and you still aren't seeing your certificates, that could be one of the following issues: 1) when you initialized NSS, you did not initialize NSS with a secmod.db which points to those PKCS#11 modules you are interested in (you can list the loaded modules to determine this), 2) your secmod.db has the PKCS #11 modules, but for some reason they could not be loaded (you can look at the list of failed modules to see if this is the case), 3) you have the modules loaded, but you have not authenticated to the modules (and the modules need authentication before they will display their certs). In this case you probably haven't registered a password call back.
I can go into more detail about the issues around #3, but at this point I'm really guessing because your request is a little vague. If I know which calls are failing, and how NSS is being initialized, I'd have a better idea about what you are trying to do and why it's failing.
bob
