Determine if certificate is present (by nickname)

Ian Pilcher
I am working on what should be (or so I thought) a simple program to
update a web site certificate in the mod_nss database (when a new
certificate is retrieved from Let's Encrypt).

The basic process I am using is:

   1. Initialize the library
   2. Parse the new certificate (from a PEM file)
   3. Delete any pre-existing certificates
   4. Import the new certificate
   5. Shut down the library

(Apache is shut down during this process, so concurrent access shouldn't
be an issue.)

It seems simple enough, but step #3 is proving to be difficult.  In my
testing, I have found that any of the *_FindCerts*Nickname functions
are returning SEC_ERROR_BAD_DATABASE in the case when there are no pre-
existing certificates.

How can I distinguish between the "no such certificate exists" case
and the "your database is corrupt" case?

Ian Pilcher                                         [hidden email]
-------- "I grew up before Mark Zuckerberg invented friendship" --------

dev-tech-crypto mailing list
[hidden email]