> If that's not it, then you will need to step through the code in the CRL > cache. Assuming you are using NSS 3.10 (NSS_3_10_RTM) I suggest you start > with DPCache_FetchFromTokens and find out if the CRL is found during the > verification. I have downloaded NSS 3.10 precompiled debug binaries for Windows (VC6 compiler). By using VC6 debugger I have noticed that CERT_VerifyCertificate() (and CERT_VerifyCertificateNow()) never calls DPCache_FetchFromTokens(). For example, SEC_FindCrlByName() which I also use to find CRL and check its time validity (before attempting to download it from web) calls DPCache_FetchFromTokens().
_______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
