[xmlsec] X509Certificate ordering
tito at online.de
Fri Jun 17 12:44:53 PDT 2011
> On 17 June 2011 15:18, Aleksey Sanin <aleksey at aleksey.com> wrote:
> > Te order of certificates is irrelevant for xml signature standard and xmlsec
> > does nothing about it.
> It does matter. Let me quote my esteemed colleague Paddy:
> The problem, if they are out of order, is knowing which is the
> end-entity certificate. There is no information to tell you which one
> it is - at least, there is no information that is *required* to be
Issuer and Subject names will tell you everything you need to know. In a
certificate chain the leaf certificate's subject name will not show up
as issuer in any of the other chain members.
Filmmuseum Munich http://www.stadtmuseum-online.de/aktuell/filmre.htm
Digital Cinema Tools https://github.com/wolfgangw/digital_cinema_tools/wiki
More information about the xmlsec