[xmlsec] xmlSecMSCryptoX509StoreConstructCertsChain

Aleksey Sanin aleksey at aleksey.com
Sun Dec 18 16:12:22 PST 2005


Sorry for delay with response... Just too many things happen
in the same time :(

Anyway, I have some questions about the patch:

1) Do you have some specific problem you are trying to address
with this patch? It seem like you do call xmlSecBuildChainUsingWinapi()
function right before doing xmlsec cert verification. And in all
my tests cases this function never returns "OK".

2) In all the MSDN examples I can find, CertGetCertificateChain()
function always has NULL for the "additional store" parameter and
in the code you pass the trusted certificates handle. Are you sure
that this is the correct way? Shouldn't it be untrusted certs or
may be CRLs list instead?

3) I don't see how CertGetCertificateChain() function handles CRLs
that might have been passed to xmlsec.


Best,
Aleksey


More information about the xmlsec mailing list