Thanks for the clarification. So, by calling CERT_GetDefaultCertDB(), I get a handle to some type of pseudo-certificate database when initializing with NSS_NoDB_Init? Does this guarantee that any key material stays inside a third-party PKCS #11 module during certificate and cryptographic operations?
Thanks, Kai On Fri, Nov 20, 2009 at 12:37 PM, Wan-Teh Chang <w...@google.com> wrote: > 2009/11/20 Kai Chan <nahc...@gmail.com>: > > I noticed in a lot of the certificate functions > > ( > http://www.mozilla.org/projects/security/pki/nss/ref/ssl/sslcrt.html#1050532 > ), > > there is an argument for CERTCertDBHandle. Does that mean I can't use > these > > certificate functions unless I use the cert8.db? If I still can, then do > I > > pass that as NULL? > > You should always pass the return value of CERT_GetDefaultCertDB() > as the CERTCertDBHandle * argument to those certificate functions. > > Once you initialize NSS (with or without databases), > CERT_GetDefaultCertDB() > will return a suitable value. > > Wan-Teh > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto >
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
