Hashim,
You may have missed a couple of certificate extensions, in particular Netscape extensions - I don't have the full list . Your findings are correct for CRLs. I didn't have time to review OCSP.
Note that Sun has funded a project to get NSS up to RFC3280 compliance. I can't get into any more specifics at this time.
Hashim Saleem wrote:
Hi,
Well, according to my R&D, NSS only supports to decode (i.e. to print them in readable format not the hex dump) the following extensions for the following cryptographics objects.
Certificate ---------- BasicConstraint. Certificate Policies. AuthKeyID. KeyUsage. ExtKeyUsage. CRL Distribution Point. AuthInfoAccess.
CRL ----- Nothing
CRL Entry ----------- InvalidityDate.
OCSPRequest --------------- Nothing
OCSPResponse ----------------- Nothing
Please if someone can verify me on this. I couldnt find any NSS APIs to decode other X509 extensions.
Regards,
_______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
