raffe wrote:
> Hi !
>
> I have a pkcs#11 module installed on my mozilla build that I want to use to
> access my smart card via pcsc-lite.
> That module and the card reader are properly working as I can see the
> certificates stored in the smart card via "Manage Certificates...".
>
> I am developing a plugin that needs to list the certificates that exist in:
> - default certificate database
> - any pkcs#11 module
>
> I use "PK11_GetAllTokens" to list all the modules.
>
> The first strange thing I notice is that:
> - I use "PK11_GetSlotName" and "PK11_GetTokenName" to print some
> information of the module
> - If I use then those names as input to "PK11_FindSlotByName", then I get a
> null pointer. Why ?

Always, or just some of the time? I believe you will get a NULL pointer if you try to look up a slot using the SlotName if there is a token installed. (PK11_FindSlotByName is usually used to find a token which has been inserted into a slot).

>
> Then, I am confused with one thing:
> - nss is not delivered with mozilla. You have to build it yourself

NSS is published under its own releases at http://ftp.mozilla.org/pub/security/nss/releases/

Nightly builds of mozilla use the shared library form of NSS. NSS comes in 4 shared libraries: libsmime3.so (pkcs 12, pkcs7, S/MIME), libssl3.so (ssl), libnss3.so (core NSS interfaces for crypto & cert handling), libsoftoken3.so.

> - I am, instead of nss, using libpipnss.so, that I load dynamically
> (dlopen...) in my plugin.

This only works with some platforms. Not all platforms will have the NSS symbols exported.

> - And I do so because I find contradictory information about the public
> functions published in mozilla's nss documentation, and the functions that
> are used in the delivered examples or answers to questions in this
> newsgroup.
> I would like to know:
> - what functions are exported via libpipnss.so
> - what functions are exported via nss
> - is it a bad idea using libpipnss when the functions I need are actually
> in nss ? How to come around this if nss is not delivered ?

The exported NSS functions are listed at: http://www.mozilla.org/projects/security/pki/nss/ref/nssfunctions.html
This should be updated when NSS 3.4 is released.

Much of the confusion here is my fault. NSS was originally built as a component of the original Netscape products. When we decided to make it a general toolkit, we realized there were many interfaces that really weren't conducive to a general toolkit. We stabilized the SSL interfaces and documented them, but many of the low level PK11_ and CERT_ interfaces were not documented because we expected them to "change" "any day now".
People have now started to use more of these low level functions for legitimate uses (like yours of managing certificates), and are now running into some of these issues. The fact that the community can quickly find the mostly correct interfaces is more a tribute to the community rather than the quality of our documentation.

OK, that being said, libpipnss.so is in an even more dire situation. libpipnss is really only the mozilla component which links NSS into the mozilla environment. As such it will change as the needs of mozilla change. Other applications have their own linking layers.

>
> And then, the reason of this mail: how can I get the certificates that are
> stored in a smart card ?

PK11_ListCerts() will list all the certs on all your tokens. It's available in NSS 3.3 and 3.4.

>
> /R
