b/util/secerr.h#207
> ).
>
> Cheers,
> David
>
> On 03/30/2016 12:49 PM, Nicholas Mainardi wrote:
> > Hello,
> >
> > I am parsing and validating a sample of certificate chains. I am using
> > PKIXVerifyCert function, and i check the error code in case it ret
Hello,
I am parsing and validating a sample of certificate chains. I am using
PKIXVerifyCert function, and i check the error code in case it returns
SECFailure. On a chain which is made by only one certificate, I got error
-8016. However, I don't find it neither in this list
cation, otherwise your verification will always fail.
> If you have no trusted CAs, then all verifications will always fail.
>
> The same will be true whether you are using the legacy chain verification
> code in NSS, or libpkix.
>
> Julien
>
> On 2/10/2016 05:26, Nicholas
Anyone up for a possible solution?
2016-02-06 14:51 GMT+01:00 Nicholas Mainardi <mainardinicho...@gmail.com>:
> If I remove cert_pi_certList from the array, invalid_args error turns into
> untrusted_issuer error (-8172). So, it seems that even if I don't add the
> intermediate
some usages.
If someone can point me out why this happens, and confirm the possible
issues I have found, it would save me a lot of time.
Thank You,
Nicholas
2016-02-09 13:57 GMT+01:00 Nicholas Mainardi <mainardinicho...@gmail.com>:
> Anyone up for a possible solution?
>
> 2016-02-
ures.
> To support things like policy checks, you can use libpkix .
> Look for CERT_PKIXVerifyCert . There are examples of usage in the NSS test
> programs vfychain and tstclnt .
> The library supports many more options than may be tested, though.
>
> Julien
>
> On 2/3/2016
Hello,
I'm comparing different libraries to verify X509 certificate chains. I had
some issues to find how to use NSS to perform this task. At the end, I
managed to get a working code with one certificate chain. You can find the
code in this question
7 matches
Mail list logo
