Petar,

Petar Popara wrote:
I have imported a CRL into Firefox, but CERT_VerifyCertificateNow() doesn't report that my certificate is revoked. It should, because my (test) certificate IS revoked. :(

Which certUsage should I specify (for CERT_VerifyCertificateNow()) if the user is signing or encrypting something?

P.S. I'm writing a plugin for Firefox 1.0.4.

What date are you verifying your certificate against?
The CRL cache uses the entry revocation date. If you check for revocation as of 1pm yesterday, but the cert was revoked today, then the verification will pass.

This is just one guess as to what could be wrong. Your CRL also needs to be valid and issued by the same CA as the certificate you are verifying, with the same signing key. It needs to be a full CRL. This is the only case that's currently supported.

If that's not it, then you will need to step through the code in the CRL cache. Assuming you are using NSS 3.10 (NSS_3_10_RTM), I suggest you start with DPCache_FetchFromTokens and find out if the CRL is found during the verification.
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
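
Added example (not part of the original message, and not NSS code): a simplified, self-contained C model of the checks the reply lists, showing why a certificate that appears in a CRL can still verify. All types, names and sample values are hypothetical; treating a check at exactly the revocation date as revoked is an assumption.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Simplified model: hypothetical types, not NSS structures. */
typedef struct { unsigned long serial; time_t revoked_at; } CrlEntry;
typedef struct {
    const char *issuer;       /* name of the CA that issued the CRL */
    const char *key_id;       /* identifies the CA key that signed the CRL */
    int valid;                /* CRL passed its own validity checks */
    int is_delta;             /* only full CRLs are supported */
    const CrlEntry *entries;
    size_t n_entries;
} Crl;
typedef struct { const char *issuer, *issuer_key_id; unsigned long serial; } Cert;

typedef enum { CRL_INVALID, CRL_NOT_FULL, CRL_WRONG_ISSUER, CRL_WRONG_KEY,
               NOT_LISTED, REVOKED_AFTER_CHECK_TIME, REVOKED } RevStatus;

/* Returns why a certificate does or does not count as revoked at verify_time. */
RevStatus check_revocation(const Cert *c, const Crl *crl, time_t verify_time)
{
    if (!crl->valid) return CRL_INVALID;
    if (crl->is_delta) return CRL_NOT_FULL;
    if (strcmp(c->issuer, crl->issuer) != 0) return CRL_WRONG_ISSUER;
    if (strcmp(c->issuer_key_id, crl->key_id) != 0) return CRL_WRONG_KEY;
    for (size_t i = 0; i < crl->n_entries; i++) {
        if (crl->entries[i].serial != c->serial) continue;
        /* Assumption: a check at exactly the revocation date counts as revoked. */
        return verify_time >= crl->entries[i].revoked_at
                   ? REVOKED : REVOKED_AFTER_CHECK_TIME;
    }
    return NOT_LISTED;
}

/* Constructed sample data: one CA, one CRL entry, one matching certificate. */
static const CrlEntry SAMPLE_ENTRIES[] = { { 0x1001UL, (time_t)1000000 } };
static const Crl SAMPLE_CRL = { "CN=Test CA", "key-A", 1, 0, SAMPLE_ENTRIES, 1 };
static const Cert SAMPLE_CERT = { "CN=Test CA", "key-A", 0x1001UL };

int main(void)
{
    static const char *name[] = { "CRL invalid", "CRL not full", "wrong issuer",
        "wrong key", "not listed", "revoked after check time (passes)", "revoked" };
    time_t revoked = SAMPLE_ENTRIES[0].revoked_at;
    printf("one day before: %s\n", name[check_revocation(&SAMPLE_CERT, &SAMPLE_CRL, revoked - 86400)]);
    printf("one day after:  %s\n", name[check_revocation(&SAMPLE_CERT, &SAMPLE_CRL, revoked + 86400)]);
    return 0;
}
```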
