I wrote a program to view CRLs in the DB (similar to crlutil) but it
doesn't work in all situations. I'm aware that there was a problem
with previous versions of NSS that didn't support CRLs greater than
64KB. I'm using NSS-3.3.2 and NSPR-4.1.2 to compile my program.
Listed below is the source. I have a CRL that is 118KB and the
program fails to find the CRL in the DB. (I'm also testing with a CRL
that is 41KB and it works just fine.) I'm using the certutil command
that comes with NSS-3.3.2 to build the DB and the crlutil command to
import the CRL. (The crlutil also fails to find the CRL in the DB
after it imports it.) The problem occurs when I check crlList->first;
this is NULL even though SEC_LookupCrls returns a valid crlList.
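
#include <stdio.h>
#include "nss.h"
#include "cert.h"

/* Defined elsewhere in the program (not shown): prints one CRL. */
void listCRL(CERTCrl *crl);

int main(int argc, char* argv[])
{
    /* Assumption: the DB directory is passed as the first argument. */
    const char *configDir = (argc > 1) ? argv[1] : ".";
    CERTCertDBHandle *crlDBHandle = NULL;
    CERTCrlHeadNode *crlList = NULL;
    CERTCrlNode *crlNode = NULL;
    CERTCrl *crl = NULL;

    /* Open the certificate databases found in configDir. */
    NSS_Init(configDir);
    crlDBHandle = CERT_GetDefaultCertDB();

    /* Collect every CRL of type SEC_CRL_TYPE into crlList. */
    SEC_LookupCrls(crlDBHandle, &crlList, SEC_CRL_TYPE);
    if (! crlList)
    {
        printf(" WARNING: No list of CRLs found to do lookups\n");
        return 1; /* nothing to walk; avoid dereferencing NULL below */
    }
    if (! crlList->first)
    {
        /* PROGRAM FAILS HERE */
        printf(" WARNING: List of CRLs found, but no node in the list\n");
    }
    /* Walk the list; the body is skipped when first is NULL. */
    for (crlNode = crlList->first; crlNode; crlNode = crlNode->next)
    {
        crl = &(crlNode->crl->crl);
        listCRL(crl);
    }
    return 0;
}
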
Any help would be greatly appreciated.
Jim