Hello,

I started off compiling and running sample program 6 (available here: http://www.mozilla.org/projects/security/pki/nss/sample-code/sample6.html)

I followed the directions in the comment block at the top and created the new NSS Database using "certutil -N -d ." and setting "test" as the password. The program ran as expected.

I then moved on to trying some things on my own and I was first able to retrieve a certificate from the DB using PK11_FindCertFromNickname and passing it the alias of one of the certs that showed up when I did a "certutil -L -d ." (BTW, I did populate the new NSS DB using pk12util so there are 3 certs and a key in the DB now.).

I then wanted to just list out all the certs in the DB and attempted to get the default certdb (which I assumed is automatically set to the one in the config directory specified in the call to NSS_Init) like so:

    CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();

Doing PR_GetError() shows no error (do PR errors apply to NSS as well as NSPR?) so then I try to print out the certificate DB version and the # of certs in it and I get 0 returned for both:

    printf("Certificate db version: %i\n",
           CERT_GetDBContentVersion(certdb));

This is when I started adding the PR_GetError() calls after every NSS method call and I found that although rv==SECSuccess after the call to NSS_Init, PR_GetError() is showing the error -12285.

Pulling the cert out and then printing the subjectName works fine, but the rest of the stuff with the certDB doesn't.

I looked up error -12285 on the NSS and SSL Error page:
http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslerr.html
and see that the error can be caused by a number of things. At first I thought it was a bad password and recreated the DB, but I've ruled that out. I still have the password hardcoded in the code as "test" and I set the password as "test" when I created the DB. None of the other causes make a whole lot of sense to me as the error is occurring during NSS initialization. I'm not trying to authenticate at that point.

I went back and added the same line of code to print out the error after the initialize call in sample6 and it also spits out the same error as my code.

Any help would be appreciated. If I'm trying to enumerate the certificates in the DB incorrectly then I may have been sent on the wild goose chase for this error for nothing and it may be ignorable.

Another question is about the nspr log. What exactly is the highest level of debugging? I've seen 6 used but the page talking about nspr logging says just use "all:5".

Thanks,
Dave
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
