On Friday, January 9, 2015 at 1:36:51 PM UTC-5, John Dennis wrote:
> On 01/09/2015 08:07 AM, Roger Dunn wrote:
> > I need to enumerate the certs in my local store, and in my testing,
> > only user certs can be enumerated using the get_cert_nicknames api.
> > It also appears to be the only exposed api for listing certs in the
> > db. I'm using the ver 0.12 version of python-nss.
> >
> > The function get_cert_nicknames takes a parameter which lists ALL
> > certs, USER certs, CA certs, SERVER certs. I have a mix of user and
> > valid CA certs in my nssdb, and the only flag that works is
> > "nss.SEC_CERT_NICKNAMES_USER", and does indeed return my user certs.
> >
> >
> > I'm unable to programmatically discover other certs using this api.
> >
> > After reviewing the nss 'C' source code, I noticed a #ifdef
> > surrounding the sections that handle the other 3 cases. Is this
> > functional, and if not, is there some other mechanism to enumerate
> > the certs?
> >
>
> There was an almost identical question posted last night by
> tahoeki...@gmail.com with the subject "nss-python issue". I assume this
> is a duplicate post by the same person, yes or no?
>
> In any event if you tracked the problem down to a specific location in
> the source code it would help if you included that information. I
> located the problematic code:
>
> file: lib/certhigh/certhigh.c
> line: 371
> function: CollectNicknames
>
> I have no idea why this logic is commented out.
>
> FWIW I did code up a simple python-nss test and reproduced the behavior.
> The problem has nothing to do with python-nss. python-nss simply calls
> the NSS function CERT_GetCertNicknames(). Maybe one of the core NSS
> developers can shed light on why the code is commented out. My
> suggestion would be to file a bug against NSS.
>
> https://bugzilla.mozilla.org/enter_bug.cgi?format=guided#h=bugForm|NSS|Libraries
>
> --
> John

Yes, that was me on both posts... the first one was taking a while to pop up on the grid (overnight), thought it was lost in a black hole.

Thanks for the update, I shall post a bug as you suggested.

-Roger

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto