Closed
Bug 397990
Opened 17 years ago
Closed 7 years ago
libsmime: add a variant of NSS_CMSSignedData_CreateCertsOnly() which supports inclusion of root certificate
Categories
(NSS :: Libraries, enhancement)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: mozbgz, Unassigned)
Details
Encountered with bug 315871, when adding a function to PSM which allows exporting a certificate in PKCS#7/CMS format: NSS_CMSSignedData_CreateCertsOnly() currently doesn't support inclusion of the root certificate. It's defined as extern NSSCMSSignedData * NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PRBool include_chain); There should be an additional function in libsmime which permits the caller to specify whether or not the root should be included. The most versatile solution would probably be to support an argument indicating the chain mode, using this enum from cms.h: typedef enum { NSSCMSCM_None = 0, NSSCMSCM_CertOnly = 1, NSSCMSCM_CertChain = 2, NSSCMSCM_CertChainWithRoot = 3 } NSSCMSCertChainMode; (NSSCMSCM_None doesn't make any real sense for such a function, but the remaining ones cover all cases that come to mind.) Let me know if I should (try to) produce a patch, once we have agreed on how the function should be implemented. When this is added, PSM's nsNSSCertificate::ExportAsCMS() can be modified to use the new function. Also, cmsutil ("-O" switch) could be enhanced to support this functionality.
Comment 1•7 years ago
|
||
At this point I don't think we're adding more stuff to libsmime.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•