[xmlsec] New feature in xmlsec

Aleksey Sanin aleksey at aleksey.com
Wed Feb 5 09:54:22 PST 2003

Hi, Jean-Etienne!

Thanks for the patch! I've applied and commited it with minor 
modification to
allow 0 depths (just set the initial depth to 9 when we create 
X509_STORE :) ).
I think that someone migth need it one day.

With best regards,

jean-etienne.schwartz at bull.net wrote:

>Hello aleksey,
>at first, really thank you for your good ``xmlsec'' library.
>The hint of this feature is to improve the certificate verification
>by adding a limitation in the certificate chain. This is necessary because
>OpenSSL use a default maximum chain length of nine.
>The next 'diffs' are made on the xmlsec-0.0.12 tree
>The modifications in 'x509.c' are valid for OpenSSL-0.9.6 and OpenSSL-0.9.7
>The test against a 0 value of depth is for backward comptability (the key
>manager is
>initialized with this value) and for sematic: a value of 0 allow *ONLY*
>self signed
>     Jean-Etienne SCHWARTZ

More information about the xmlsec mailing list