[xmlsec] Verify signature after certificate expired

Aleksey Sanin aleksey at aleksey.com
Wed Oct 9 08:04:44 PDT 2002

 From the general security point of view the data are *not valid* if the 
cert is expired.
If you really want to do this then you should take a look at the OpenSSL 
verification function and remove date check. However, this is DANGEROUSE!


Roman Bouchner wrote:

>I would like to verify signed data however signer's certificate has
>already expired. I want only verify data integrity.
>If I use function xmlSecDSigValidate, it returns negative value, so I
>cannot determine if data was changed or not.
>If I change local date it does work, however it is not right way I
>How I can solve this problems?
>Roman Bouchner
>xmlsec mailing list
>xmlsec at aleksey.com

More information about the xmlsec mailing list