Alex,
alex21 wrote:
I'm verifying certificates in the chain. I found that I cannot reinitilize
NSS after calling CERT_VerifyCertificate, because at some point it
increments Pk11 slot reference counter. Here's the sequence:
PK11SlotInfo *slot = PK11_GetInternalKeySlot(); // just for tracking
purposes
You need to release the reference to the slot that you created in the
above line by calling
PK11_FreeSlot(slot) ;
res =
CERT_VerifyCertificate(handle,cert,PR_TRUE,0,pTime,myStruc,&log,&returnedUsages);
// slot->refCount = 3 at this point for the signer certificate.
The signer certificate may be added to the CRL cache, and gets
refcounted as a result.
NSS_Shutdown() should take care of releasing that reference when it
calls ShutdownCRLCache();
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
