Hello, The issuers you get are the root certificates. All other certificates are stored in the certs.
Two facts you should consider: 1. It is not safe to store root certificates on PKCS#11 token, as anyone, even without authentication can add certificates into the token. 2. Storing the complete chain on a PKCS#11 token wastes storage, so in most cases you will find only the root certificate and the end certificate. Alon. On Fri, Apr 3, 2009 at 1:01 PM, Stéphanie De Maerteleire <[email protected]> wrote: > Hello, > > > > Am I correct that you are the developer of pkcs11-helper ? If so, you might > be able to help me with this issue. I’m Goblin_Queen on the OpenSC forum, I > posted a question before about using the Firefox PKCS11 provider with > pkcs11-helper. > > > > I’m having the following problem: > > When I call the method enumTokenCertificateIds like this: > > > > if ((rv = pkcs11h_certificate_enumTokenCertificateIds ( > > gekozenToken, > > PKCS11H_ENUM_METHOD_RELOAD, > > NULL, > > PKCS11H_PROMPT_MASK_ALLOW_ALL, > > &issuers, > > &certs > > )) != CKR_OK) { > > fatal ("pkcs11h_certificate_enumCertificateIds > failed", rv); > > } > > > > The variable ‘issuers’ is filled with a list of issuers on that token. But > the problem is that I’ve discovered not all issuers are included in this > list, how is this possible? I need a complete list of all issuers so I can > generate a certificate chain. My certificate chain method works fine for > certificates of which the issuer(s) is/are included in the list, but when > the issuer is not included in the list, it obviously crashes. > > > > Thanks in advance! > > Kind regards, > > Stephanie _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
