[Bulk] Re: [Bulk] Re: [xmlsec] Verify - OpenSSL vs mscrypto
Aleksey Sanin
aleksey at aleksey.com
Wed Jan 11 11:25:34 PST 2006
Please, try to reproduce the problem with xmlsec command line
utility.
Aleksey
Edward Shallow wrote:
> Aleksey wrote ...
>
> I do believe that the xmlsec-mscrypto code *does* build the chain and it
> *does* verify it against the "trusted" certificates installed by the app.
> With Dmitry's patch, xmlsec-mscrypto *also* uses trusted certificates from
> the MSCrypto certificates store.
>
>
>
> Yes this is what I thought too. But my test on 1.2.8 (shown in previous post
> and included below) never checks whether I load the trusted certs or not ???
> 2nd last line.
>
> I don't mind waiting for Dmitry's patch, I was just trying to get it going
> now.
>
> Ed
>
>
>
> xmlsec.xmlSecInit()
> xmlsec.xmlSecCryptoDLInit()
> xmlsec.xmlSecCryptoDLLoadLibrary('mscrypto')
> xmlsec.xmlSecCryptoAppInit('MY')
> xmlsec.xmlSecCryptoInit()
> parsedDoc = libxml2.xmlParseFile('c:/xmlsec/inout/edsigned-enveloped.xml')
> trustedDer = 'c:/xmlsec/keys/cacert.der' <===
> trusted root in der format
> rootNode = libxml2.xmlDocGetRootElement(parsedDoc)
> sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature',
> 'http://www.w3.org/2000/09/xmldsig#')
> keysMngr = xmlsec.xmlSecKeysMngrCreate()
> xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
> dsigCtx = xmlsec.xmlSecDSigCtxCreate()
> xmlsec.xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
> xmlsec.xmlSecCryptoAppKeysMngrCertLoad(keysMngr, trustedDer, 3, 256)
> <=== load trusted root
> xmlsec.xmlSecDSigCtxVerify(dsigCtx, sigNode)
>
>
>
More information about the xmlsec
mailing list