Well...... it looks that I dont have to do a lot of work if I stick to NSS 3.9 :)
Thank you all for your replies. "Bob Relyea" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hashim Saleem wrote: > >>Hi, >> >>Well, according to my R&D, NSS only supports to decode (i.e. to print them >>in readable format not the hex dump) the following extensions for the >>following cryptographics objects. >> >>Certificate >>---------- >>BasicConstraint. >>Certificate Policies. >>AuthKeyID. >>KeyUsage. >>ExtKeyUsage. >>CRL Distribution Point. >>AuthInfoAccess. >> >> > NSS understands, decodes, and uses a lot more extensions internally. There > are only the ones that PSM knows how to display. > There was a recent bug to expand the list of displayed extensions to > closer to the ones NSS understands. The bug has a patch awaiting approval > by mozilla: > > https://bugzilla.mozilla.org/show_bug.cgi?id=259031 > >>Please if someone can verify me on this. I couldnt find any NSS APIs to >>decode other X509 extensions. >> > NSS can parse any extension that you supply the template for with > SEC_ASN1DecodeItem() and CERT_FindCertExtension(). > In NSS 3.10 several internal functions NSS uses to decode these extensions > were (are being) exported: > > CERT_DecodeAltNameExtension; > CERT_DecodeAuthInfoAccessExtension; > CERT_DecodeAuthKeyID; > CERT_DecodeCRLDistributionPoints; > CERT_DecodeNameConstraintsExtension; > CERT_DecodePrivKeyUsagePeriodExtension; > CERT_DestroyUserNotice; > CERT_FinishCertificateRequestAttributes; > CERT_GetCertificateNames; > CERT_GetCertificateRequestExtensions; > CERT_GetNextGeneralName; > CERT_GetNextNameConstraint; > CERT_GetPrevGeneralName; > CERT_GetPrevNameConstraint; > CERT_MergeExtensions; > CERT_StartCertificateRequestAttributes; > CERT_StartCRLEntryExtensions; > CERT_StartCRLExtensions; > > bob > _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
