Determine if certificate is present (by nickname)

I am working on what should be (or so I thought) a simple program to
update a web site certificate in the mod_nss database (when a new
certificate is retrieved from Let's Encrypt).

The basic process I am using is:

   1. Initialize the library
   2. Parse the new certificate (from a PEM file)
   3. Delete any pre-existing certificates
   4. Import the new certificate
   5. Shut down the library

(Apache is shut down during this process, so concurrent access shouldn't
be an issue.)

It seems simple enough, but step #3 is proving to be difficult.  In my
testing, I have found that any of the *_FindCerts*Nickname functions
are returning SEC_ERROR_BAD_DATABASE in the case when there are no pre-
existing certificates.

How can I distinguish between the "no such certificate exists" case
and the "your database is corrupt" case?

Ian Pilcher                               
-------- "I grew up before Mark Zuckerberg invented friendship" --------

3/20/2017 7:18:45 AM