Jeff Paquette wrote on 10/26/2004, 7:47 AM: > We're using the SunOne / Mozilla Directory SDK in our product and will be > using SSL to secure the communications channel between client and server. > The call to ldapssl_client_init() needs a path to the cert7.db; but the > documentation only describes how to add a single certificate to the > database. What's missing is a description of where to get all the CA's > certificates needed in order for an ssl session to be established. > > We can't rely on this database existing on our client machines; we will > have to provide it with our product. Should I just grab a copy of the db > provided with Mozilla, or should I generate one myself, using certutil? If > the latter, where do I find all of the CA's certificates?
The built-in root CA certificates are stored in the "nssckbi" shared library/DLL in the NSS library suite. Your application should call SECMOD_AddNewModule to load the "nssckbi" shared library/DLL. This is how the Mozilla browser does that: http://lxr.mozilla.org/security/source/security/manager/ssl/src/nsNSSComponent.cpp#440 Here is a document with sample code (see the section "Sample code for installing the module"): http://www.mozilla.org/projects/security/pki/nss/loadable_certs.html Wan-Teh _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
