On 9/19/2010 11:48 AM, Nelson B Bolyard wrote:
> On 2010-09-16 00:54 PDT, Wolter Eldering wrote:
>> Hi,
>> I have configured a model file descriptor using
>> SSL_SetTrustAnchors(PRFileDesc *fd, CERTCertList *list)
>> The ssl3.ca_list information set in the model is not copied into the new
>> file descriptor when calling PRFileDesc *SSL_ImportFD(PRFileDesc *model,
>> PRFileDesc *fd);
>
> Thank you for filing the bug report in bugzilla.
>
>> Could it be that the SSL_SetTrustAnchors() should be called every time
>> on the PRFileDesc returned by SSL_ImportFD()?
>
> That's not the intent, but it probably works as a work-around.

Hi Nelson,
If called SSL_SetTrustAnchors() for every connection as a work-around,
every time the CERTCertList has to be converted into a CERTDistNames
using CERT_DistNamesFromCertList.
I'm using this code in a patch for mod_nss so we can control the list of
acceptable CAs for client authentication.
Because we deal with a large number of certificates I also have some
patches to reduce the number of queries to the sql: type database.
And a patch that will make the NSS_SDB_USE_CACHE=yes perform much
better. We use NSS_SDB_USE_CACHE=yes so we can access it from gfs2.
What's the best way to submit these patches?
Regards,
Wolter