Nelson,

Nelson Bolyard wrote:
> Julien R Pierre wrote on 2008-08-12 16:53 PDT:
>> Robert Relyea wrote:
>>
>>> SECMOD_OpenUserDB() will open new database slots in the internal 
>>> database module.
>> Unfortunately, those additional DBs can't be manipulated separately. 
> 
> huh?
> - key gens can be done in each one separately,
> - certs can be imported into each one or exported from each one separately
> - certs can be found in each one separately, by tokenname:nickname

Many of the NSS APIs don't take slot arguments and work on the union of 
all the modules/slots configured. In particular many search functions 
will look for certs and keys in all the tokens, i.e. all the databases 
available.

>> This is particularly a problem for trust.
> 
> It does seem as though trust ought to be recorded in the same token as
> the cert by default, when the token is capable of recording trust.

I am not certain where the trust will get recorded, and you may be 
correct, but the trust that is read is the union of all the trusts from 
each DB, by slot priority.

When you call CERT_GetCertTrust you only get one trust object no matter 
how many slots the cert may appear in, and whether the trust between 
those DBs agrees or not. It's not possible to specify what slot you 
would prefer the trust to come from. This was part of the trust domains 
in the stan project which was not completed.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
