Context: I am working on PKI cross certification using a PKI bridge. To fetch missing certificates, I use the following AIA certificate extension:
CA Issuer: URI : http://_...@ftp_server__/.../bundle.p7c where bundle.p7c contains the missing certificates (pkcs7 format). *********************************************************************** *********************************************************************** Problem: Microsoft's CAPI/CSP is able to fetch this bundle, extract the certificates and create properly the certification chain. Yet Mozilla's NSS seems to ignore the AIA extension and doens'nt fetch the bundle. ************************************************************************** Question: I found a library on the internet called "libpathfinder-nss-1" (http://packages.debian.org/fr/lenny/libpathfinder-nss-1). +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Pathfinder is designed to provide a mechanism for any program to perform RFC3280-compliant path validation of X.509 certificates, even when some of the intermediate certificates are not present on the local machine. It will automatically download any such certificates (and their CRLs) from the Internet as needed using the AIA and CRL distribution point extensions of the certificate it is processing. This package contains the shared library to allow LibNSS based programs to use Pathfinder for their Certificate validation. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ It seems that this package enables a Debian distribution to do exactly what i want! Yet I have installed this library and nothing changed. Would you have any complementary information on this package? It says that it allows LibNSS based programs to use PathFinder, Does NSS is based on LibNSS(is it really the same thing)? Do i have to change something in my NSS module to allow this library to be called or recognized?? My last question would be to know if all other X.509 certificate extensions were supported (policy mapping, ..) **************************************************************************** Thank you very much for your help! -- View this message in context: http://www.nabble.com/NSS%2C-AIA%2C-Bridge-tp23866532p23866532.html Sent from the Mozilla - Cryptography mailing list archive at Nabble.com. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
