Closed Bug 397990 Opened 17 years ago Closed 7 years ago

libsmime: add a variant of NSS_CMSSignedData_CreateCertsOnly() which supports inclusion of root certificate

Categories

(NSS :: Libraries, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: mozbgz, Unassigned)

Details

Encountered with bug 315871, when adding a function to PSM which allows exporting a certificate in PKCS#7/CMS format: NSS_CMSSignedData_CreateCertsOnly() currently doesn't support inclusion of the root certificate. It's defined as

  extern NSSCMSSignedData *
  NSS_CMSSignedData_CreateCertsOnly(NSSCMSMessage *cmsg, CERTCertificate *cert, PRBool include_chain);

There should be an additional function in libsmime which permits the caller to specify whether or not the root should be included. The most versatile solution would probably be to support an argument indicating the chain mode, using this enum from cms.h:

  typedef enum {
      NSSCMSCM_None = 0,
      NSSCMSCM_CertOnly = 1,
      NSSCMSCM_CertChain = 2,
      NSSCMSCM_CertChainWithRoot = 3
  } NSSCMSCertChainMode;

(NSSCMSCM_None doesn't make any real sense for such a function, but the remaining ones cover all cases that come to mind.)

Let me know if I should (try to) produce a patch, once we have agreed on how the function should be implemented.

When this is added, PSM's nsNSSCertificate::ExportAsCMS() can be modified to use the new function. Also, cmsutil ("-O" switch) could be enhanced to support this functionality.

At this point I don't think we're adding more stuff to libsmime.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
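
As an added illustration (not NSS code and not part of the bug discussion), this self-contained C model shows which certificates each NSSCMSCertChainMode value from the report would select for a certs-only message. The model_cert type, select_certs_for_mode() and the sample store are hypothetical, and a root is assumed to be a certificate whose subject equals its issuer.

```c
#include <stdio.h>
#include <string.h>

/* Enum as quoted in the report from cms.h, redeclared so this builds without NSS. */
typedef enum { NSSCMSCM_None = 0, NSSCMSCM_CertOnly = 1,
               NSSCMSCM_CertChain = 2, NSSCMSCM_CertChainWithRoot = 3 } NSSCMSCertChainMode;

/* Hypothetical stand-in for a certificate: only the names matter for selection. */
typedef struct { const char *subject, *issuer; } model_cert;

/* Constructed sample store: leaf -> intermediate -> self-issued root. */
static const model_cert SAMPLE_STORE[] = {
    { "CN=leaf",         "CN=intermediate" },
    { "CN=intermediate", "CN=root" },
    { "CN=root",         "CN=root" },
};

static const model_cert *find_by_subject(const model_cert *store, size_t n, const char *subject)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(store[i].subject, subject) == 0)
            return &store[i];
    return NULL;
}

/* Hypothetical helper: fills out[] with the certs to embed for `mode`.
 * Returns the count, or -1 for bad arguments, NSSCMSCM_None, or a full out[]. */
static int select_certs_for_mode(const model_cert *store, size_t n, const model_cert *leaf,
                                 NSSCMSCertChainMode mode, const model_cert **out, size_t cap)
{
    if (!leaf || !out || cap == 0 || mode < NSSCMSCM_CertOnly || mode > NSSCMSCM_CertChainWithRoot)
        return -1;
    size_t count = 0;
    out[count++] = leaf;                        /* the certificate itself is always included */
    const model_cert *cur = leaf;
    while (mode != NSSCMSCM_CertOnly && count <= n) {   /* bound stops issuer loops */
        if (strcmp(cur->subject, cur->issuer) == 0) break;      /* already at the root */
        const model_cert *next = find_by_subject(store, n, cur->issuer);
        if (!next) break;                                       /* incomplete chain */
        int next_is_root = strcmp(next->subject, next->issuer) == 0;
        if (next_is_root && mode != NSSCMSCM_CertChainWithRoot) break;  /* omit the root */
        if (count == cap) return -1;
        out[count++] = next;
        cur = next;
    }
    return (int)count;
}

int main(void) {
    const model_cert *out[8];
    for (int m = NSSCMSCM_None; m <= NSSCMSCM_CertChainWithRoot; m++)
        printf("mode %d -> %d cert(s)\n", m, select_certs_for_mode(SAMPLE_STORE, 3, &SAMPLE_STORE[0], (NSSCMSCertChainMode)m, out, 8));
    return 0;
}
```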