I'm verifying certificates in the chain. I found that I cannot reinitialize NSS after calling CERT_VerifyCertificate, because at some point it increments the PK11 slot reference counter. Here's the sequence:

    PK11SlotInfo *slot = PK11_GetInternalKeySlot(); // just for tracking purposes
    // slot->refCount = 2 at this point

    // ... import PKCS12 into NSS storage - too long to be mentioned here
    // slot->refCount = 2 at this point

    CERTCertificateList *chain = CERT_CertChainFromCert(pct, certUsageObjectSigner, PR_TRUE); // pct is the signer's certificate

    // in the loop for each certificate:
    CERTCertificate *cert = CERT_DecodeDERCertificate(&chain->certs[i], PR_TRUE, NULL);
    // slot->refCount = 2 at this point
    res = CERT_VerifyCertificate(handle, cert, PR_TRUE, 0, pTime, myStruc, &log, &returnedUsages);
    // slot->refCount = 3 at this point for the signer certificate.

So, the question is what to release/destroy in order to decrement "refCount" back to the original... Or how to avoid this increment. Otherwise I'm not able to properly shut down NSS and therefore NSS_Initialize fails as well.

Thanks,
Alex

_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
