NortonNg wrote:
>
> hi..
> i saw your post at openssl mailing list about a way to add any arbitrary
> CA certificate into certificate database of Netscape Communicator,
> i am interesting about it..can you show me the source code.
>
>
> jkng.
>
Soory You got the wrong person, mine was only a reply stating that it is very
dangerous to add certificates to Netscape db WITHOUT explicit user acceptance
and that it should be forwarded to Netscape and signaled as a bug: it does not
give the ability to the user to refuse the certificate... :-D
If you want to add a CA certificate to Netscape db, simply send a certificate in
.der format with the
Content-Type: application/x-x509-ca-cert
Then the user will be asked to accept the CA certificate. I send you some code
from the OpenCA project.
C'you,
Massimiliano Pala ([EMAIL PROTECTED])
#!/usr/bin/perl
## Send Certificates Tool - V2.0
## (c) 1999 by Massimiliano Pala and the OpenCA Group
## Uses the OpenCA::TRIStateCGI module by Massimiliano Pala
## to generate, check and manipulate FORMs Objects
use OpenCA::TRIStateCGI;
## Uses the OpenCA::Configuration module by Massimiliano Pala
## to load the configuration file
use OpenCA::Configuration;
my $query = new OpenCA::Configuration;
## Build a Configuration Object
my $config = new OpenCA::Configuration;
## Define the Configuration Name
my $CONFIG = 'secure.cnf';
## Load the Configuration file (read and parse)
if( $config->loadCfg( $CONFIG ) == undef ) {
print "Content-type: text/html\n\n";
configError( "Unable to load configuration file (request.cnf)!");
}
## Flush the output stream
$|=1;
my $cacert = getRequired( 'CACert' );
putCACert( "$cacert" );
## Subroutines Section (Last Modified on 08 September 1998)
## Changes by Massimiliano Pala ([EMAIL PROTECTED])
sub putCACert {
my @keys = @_;
$cacert = $keys[0];
print "Content-Type: application/x-x509-ca-cert\n\n";
open (FD ,"$cacert") or die "Error: Can't access CA Certificate!";
while (<FD>) {
print $_;
}
close FD
}
sub getRequired {
## Returns required parameter SINGLE STRING VALUE
## this function simplifies the parameter access
## but returns only the first parameter
my $name = @_[0];
my $tmp;
if( ($tmp = $config->getParam($name)) == undef ) {
## If there is an Error, just send the missing
## parameter error to the browser
configError( "Missing Configuration Keyword : $dir" );
}
## If all gone well we should have the value string in
## $ret and return it to the calling funcion;
$ret = $tmp->{VALUES}->[0];
return $ret;
}
sub configError {
my @keys = @_;
my $err = $keys[0];
print $query->start_html(-title=>"Administration Error",
-BGCOLOR=>"#FFFFFF");
print "<CENTER><BR><HR WIDTH=80%><BR></CENTER>";
print "<OL><OL><H1><FONT COLOR=red>Error 690 </FONT></H1>";
print "<OL> <B>Configuration Error</B>. $err.</OL></OL></OL>";
print "<CENTER><HR></CENTER>\n</BODY>\n</HTML>\n";
}
S/MIME Cryptographic Signature
