Stanislav Brabec wrote:
Robert Relyea wrote:

When identical certs are imported into NSS, they are given the same reference counted pointer, so the test is as easy as:
       cert1 == cert2

Thanks, and what about d2i_X509() counterpart:

undefined symbol: d2i_X509      (.libs/ldap_mapper.so)

So the library can't be used.

d2i_X509 is an OpenSSL function so I am not surprised it is not found
when linked with NSS.

Could it be implemented using CERT_DecodeDERCertificate()?

extern CERTCertificate *
CERT_DecodeDERCertificate (SECItem *derSignedCert, PRBool copyDER, char *nickname);

Don't use CERT_DecodeDERCertificate. It's a private symbol that requires much care (it doesn't return a fully usable CERTCertificate *). To indicate this, you will find that it's exported as __CERT_DecodeDERCertificate() and requires work to get to.

Use CERT_NewTempCertificate() instead. Older versions of NSS exported this symbol as __CERT_NewTemp.... as well, but we've officially blessed it as safe. In NSS 3.12 it's fully exported (the old symbol will continue to be available as well).

Its signature is

extern CERTCertificate *
CERT_NewTempCertificate (CERTCertDBHandle *handle, SECItem *derCert,
                        char *nickname, PRBool isperm, PRBool copyDER);

handle is a historical dreg; passing it CERT_GetDefaultCertDB() is fine. Nickname can be NULL, and isPerm should be set to FALSE (or it will try to load the cert into the default database).

bob


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
