OK, here is how it works with mscrypto and xmlsec 1.2.18<br><br><span style="font-size: 11pt; font-family: "Calibri","sans-serif";">Example 1:<br></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;mso-fareast-theme-font:minor-latin;mso-bidi-font-family:
"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US;
mso-bidi-language:AR-SA"><KeyName></span><span style="font-size: 11pt; font-family: "Calibri","sans-serif";">CA, GC, PWGSC-TPSGC, "Ed Shallow"</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;mso-fareast-theme-font:minor-latin;mso-bidi-font-family:
"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US;
mso-bidi-language:AR-SA"></KeyName></span><br>
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;mso-fareast-theme-font:minor-latin;mso-bidi-font-family:
"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US;
mso-bidi-language:AR-SA"></span><br><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;mso-fareast-theme-font:minor-latin;mso-bidi-font-family:
"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US;
mso-bidi-language:AR-SA">Example 2 with a special character:<br></span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;mso-fareast-theme-font:minor-latin;mso-bidi-font-family:
"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US;
mso-bidi-language:AR-SA"><KeyName>CA, GC, PWGSC-TPSGC, "Shallow, Ed"</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";
mso-fareast-font-family:Calibri;mso-fareast-theme-font:minor-latin;mso-bidi-font-family:
"Times New Roman";mso-ansi-language:EN-US;mso-fareast-language:EN-US;
mso-bidi-language:AR-SA"></KeyName></span><br><br>In other words, do not use the sub-type qualifiers in the DN string i.e. cn= ou= o= c=<br><br>Order is also important.<br><br>Cheers,<br>Ed<br><br><div class="gmail_quote">
On Wed, Oct 19, 2011 at 7:38 PM, EdShallow <span dir="ltr"><<a href="mailto:ed.shallow@gmail.com">ed.shallow@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<p>OK. Give me a day or so and I will check the source to see if anything has changed in the CAPI calls.</p><div><div></div><div class="h5">
<div class="gmail_quote">On Oct 19, 2011 7:29 PM, "Aleksey Sanin" <<a href="mailto:aleksey@aleksey.com" target="_blank">aleksey@aleksey.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Not that I am aware of.<br>
<br>
Aleksey<br>
<br>
On 10/19/11 2:02 PM, EdShallow wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
. . . sorry forgot to mention, this behavior is with mscrypto<br>
Ed<br>
<br>
---------- Forwarded message ----------<br>
From: "EdShallow" <<a href="mailto:ed.shallow@gmail.com" target="_blank">ed.shallow@gmail.com</a> <mailto:<a href="mailto:ed.shallow@gmail.com" target="_blank">ed.shallow@gmail.com</a>>><br>
Date: Oct 19, 2011 3:55 PM<br>
Subject: Use of full DistinguishedName in KeyName<br>
To: "<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a> <mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>>" <<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a><br>
<mailto:<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a>>><br>
<br>
Hi Aleksey,<br>
<br>
Use of full DN in KeyName template element used to work in oldwr<br>
versions of xmlsec.<br>
<br>
As of 1.2.18 I can only get CommonName to work.<br>
<br>
Example:<br>
This works<br>
<KeyName>Shallow Ed</KeyName><br>
<br>
This does not:<br>
<KeyName>cn=Shallow Ed,ou=finance,o=acme,c=ca</<u></u>KeyName><br>
<br>
I receive an "Object or property cannot be found" message.<br>
<br>
Are there any constraints for naming?<br>
<br>
Ed<br>
<br>
<br>
<br>
______________________________<u></u>_________________<br>
xmlsec mailing list<br>
<a href="mailto:xmlsec@aleksey.com" target="_blank">xmlsec@aleksey.com</a><br>
<a href="http://www.aleksey.com/mailman/listinfo/xmlsec" target="_blank">http://www.aleksey.com/<u></u>mailman/listinfo/xmlsec</a><br>
</blockquote>
</blockquote></div>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Ed's Contact Information:<br>Mobile Phone: 613-852-6410<br>Gmail: <a href="mailto:ed.shallow@gmail.com">ed.shallow@gmail.com</a><br>VOIP Address: <a href="mailto:107529@sip.ca1.voip.ms">107529@sip.ca1.voip.ms</a><br>
VOIP DID#: 613-458-5004<br>Skype ID: edward.shallow<br>Home Phone: 613-482-2090<br><br>