Hashim Saleem wrote:
NSS understands, decodes, and uses a lot more extensions internally. There are only the ones that PSM knows how to display.Hi,
Well, according to my R&D, NSS only supports to decode (i.e. to print them in readable format not the hex dump) the following extensions for the following cryptographics objects.
Certificate ---------- BasicConstraint. Certificate Policies. AuthKeyID. KeyUsage. ExtKeyUsage. CRL Distribution Point. AuthInfoAccess.
There was a recent bug to expand the list of displayed extensions to closer to the ones NSS understands. The bug has a patch awaiting approval by mozilla:
https://bugzilla.mozilla.org/show_bug.cgi?id=259031
Please if someone can verify me on this. I couldnt find any NSS APIs to decode other X509 extensions.NSS can parse any extension that you supply the template for with SEC_ASN1DecodeItem() and CERT_FindCertExtension().
In NSS 3.10 several internal functions NSS uses to decode these extensions were (are being) exported:
CERT_DecodeAltNameExtension; CERT_DecodeAuthInfoAccessExtension; CERT_DecodeAuthKeyID; CERT_DecodeCRLDistributionPoints; CERT_DecodeNameConstraintsExtension; CERT_DecodePrivKeyUsagePeriodExtension; CERT_DestroyUserNotice; CERT_FinishCertificateRequestAttributes; CERT_GetCertificateNames; CERT_GetCertificateRequestExtensions; CERT_GetNextGeneralName; CERT_GetNextNameConstraint; CERT_GetPrevGeneralName; CERT_GetPrevNameConstraint; CERT_MergeExtensions; CERT_StartCertificateRequestAttributes; CERT_StartCRLEntryExtensions; CERT_StartCRLExtensions;
bob
smime.p7s
Description: S/MIME Cryptographic Signature
