-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
I've been looking at the problem of different libraries/different
clients each with their own private key/cert db in a single process (for
example, the Thunderbird ldap/nss_ldap problem). In this case, the user
may want nss_ldap to keep its certs and keys (including ca certs)
separate from those used by Thunderbird. I think it could work by first
creating a token based on a unique key (e.g. to use the openldap config
directives, a unique combination of cacertfile, cacertdir, certfile, and
keyfile). Then call SECMOD_OpenUserDB() to create a private db based on
that token, and import CA certs into this db (from pem files, for
example). This function returns a PK11SlotInfo * - how do you get a
CERTCertDBHandle * given that slot pointer? If I get this, I think I
can use this to import certs, use for various VerifyCert functions, and
even pass to SSL_CertDBHandleSet to use this cert DB for SSL.
- Per-context key/cert db Rich Megginson
- Re: Per-context key/cert db Robert Relyea
- Re: Per-context key/cert db Julien R Pierre - Sun Microsystems
