1

I need to write a small program which parses X509 Certificates, build a Certificate Chain and validate it using Mozilla NSS Library. Starting from parsing a single Certificate, I find these two function:

  • CERT_ConvertAndDecodeCertificate(char *str) for PEM Certificates
  • CERT_DecodeFromCertPackage(char *str,int len) which I suppose works for DER Certificates

    • However, I don't manage to find the libraries in which the code of the function is located. According to NSS' guideline (https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_API_GUIDELINES), it should be in libcertdb, but when I compile with the below line I get an undefined reference to both methods.

    gcc -o try_nss try_nss.c -lcertdb

    I downloaded and installed NSS 3.21. The file libcertdb.a is in my /usr/lib/ directory.

    Nicholas Mainardi
    • 59
    • 1
    • 4
    • You really need NSS? It's easy with openssl – Ctx Jan 24 '16 at 00:40
    • Unfortunately yes, I need to compare all these libraries, so I need a program for every library. – Nicholas Mainardi Jan 24 '16 at 13:33
    • Bad luck ;) But the symbol should be located in libsmime3.so, so try to use `-lsmime3`. But maybe, `CERT_VerifyCertificate` is better suitable for your task? – Ctx Jan 24 '16 at 13:44
    • Yes, thank you, not it compiles! Even if ConvertAndDecode goes to seg-fault. However, my plan is using CERT_VerifyCertNow, which requires a CERTCertificate data as a parameter, so I think that these two functions are the ones I need to get certificate in that structure. – Nicholas Mainardi Jan 24 '16 at 15:56
    • To get all the libraries required for nss, you can use nss-config: `nss-config --libs` `-L/usr/lib/x86_64-linux-gnu -lssl3 -lsmime3 -lnss3 -lnssutil3` – Matthew Jan 12 '22 at 18:19

    0 Answers0