[xmlsec] X509Data sub-element detail ?

Edward Shallow ed.shallow at rogers.com
Thu Aug 7 06:59:34 PDT 2003


As always, thanks for the quick reply.

I'm using Igor's Windows binaries which I believe were and still are at 1.04.

Yes the p12 has a cert in it. I can otherwise sign and validate documents
signed with it.

As I mentioned the X509 gets populated O.K. in the first template below, I'd
just like to get the other details in.

If you are tuning in Igor, is there any chance you will be recompiling the
Windows binaries for 1.1.0 any time soon ?

Thanks in advance,
Ed  


-----Original Message-----
From: xmlsec-admin at aleksey.com [mailto:xmlsec-admin at aleksey.com] On Behalf
Of Aleksey Sanin
Sent: August 7, 2003 12:05 AM
To: Edward Shallow
Cc: xmlsec at aleksey.com


>xmlsec sign --pkcs12 keys/EdSign.p12 --output inout/edsigned1.xml 
>tmpl/tmpl-EPM-sign.xml
>
>... This in the template works ...
>
><X509Data>
></X509Data>
>
>... This in the template does not ...
>
><X509Data>
>	<X509SubjectName/>
>	<X509Certificate/>
></X509Data>
>  
>

The second template should work if you are using xmlsec-openssl 1.1.0 or
xmlsec-nss from CVS trunk. If you have the correct version and it does not
work then it's probably a bug somewhere. I would appreciate it if you could
file a bug report and provide as many details as possible (xmlsec version +
crypto, os, templates you are using, pkcs12 file if possible).

>Where is the additional X509 detail extracted from ? I tried adding: 
>
>--trusted-der keys/cacert.der
>
>... to the command line to no avail. 
>  
>
This has nothing to do with it. The "--trusted-*" options tell xmlsec which
certs are trusted when it verifies a signature. XMLSec gets certificates from
the key. In your case, from the PKCS12 file.
BTW, do you have a cert in this file?


>I'd also like to include other X509 info like issuer, valid from, valid 
>to, cert serial number, etc ...
>  
>
This goes outside the scope of the XMLDSig specification [1]. All this
information is available inside the cert itself and you can include the full
certificate using the <X509Certificate/> node.

Aleksey


[1] http://www.w3.org/TR/xmldsig-core/#sec-X509Data



_______________________________________________
xmlsec mailing list
xmlsec at aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
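
Added example, not part of the original thread and not xmlsec code: the reply above says the serial number and validity dates are inside the certificate carried by <X509Certificate/>, and this sketch reads them back out of a signed document with a minimal DER walker. The function names and the sample document are assumptions made for illustration; the sample is a constructed certificate skeleton, not a real certificate.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
DS = "http://www.w3.org/2000/09/xmldsig#"

def read_tlv(buf, pos):  # -> (tag, content, next_pos) for the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_time(tag, raw):
    text = raw.decode("ascii")
    if tag == 0x17:  # UTCTime; RFC 5280: YY < 50 means 20YY, otherwise 19YY
        text = ("20" if int(text[:2]) < 50 else "19") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def cert_details(der_bytes):
    _, cert, _ = read_tlv(der_bytes, 0)   # Certificate
    _, tbs, _ = read_tlv(cert, 0)         # TBSCertificate
    tag, value, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                       # optional explicit [0] version
        tag, value, pos = read_tlv(tbs, pos)
    serial = int.from_bytes(value, "big", signed=True)
    _, _, pos = read_tlv(tbs, pos)        # signature AlgorithmIdentifier
    _, _, pos = read_tlv(tbs, pos)        # issuer Name
    _, validity, _ = read_tlv(tbs, pos)
    t1, v1, nxt = read_tlv(validity, 0)
    t2, v2, _ = read_tlv(validity, nxt)
    return {"serial": serial, "not_before": parse_time(t1, v1), "not_after": parse_time(t2, v2)}

def details_from_signature(xml_text):
    nodes = ET.fromstring(xml_text).iter(f"{{{DS}}}X509Certificate")
    return [cert_details(base64.b64decode(n.text)) for n in nodes if (n.text or "").strip()]

# Constructed sample (not a real certificate): v3, serial 4097, empty algorithm and issuer.
def der(tag, *parts):  # short-form lengths only, enough for this small sample
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

_times = der(0x30, der(0x17, b"030101000000Z"), der(0x17, b"040101000000Z"))
_tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x10\x01"), der(0x30), der(0x30), _times)
SAMPLE_XML = (f'<Signature xmlns="{DS}"><KeyInfo><X509Data><X509Certificate>'
              f'{base64.b64encode(der(0x30, _tbs)).decode()}'
              '</X509Certificate></X509Data></KeyInfo></Signature>')

if __name__ == "__main__":
    print(details_from_signature(SAMPLE_XML))
```

An empty <X509Certificate/> element, as found in an unsigned template, is skipped rather than decoded.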




