[xmlsec] core methods for write of <X509SubjectName/> and <X509IssuerSerial/>
Aleksey Sanin
aleksey at aleksey.com
Thu Jul 17 08:30:37 PDT 2003
Hi, Roumen!
Unfortunatelly, I could not open your diff files by some reasons
(the folders are there but diff itself is empty). However, from your
description I see a problem with this patch. You are using a static
variable to determine the format and this seems wrong to me.
xmlsec library has two ways to control the processing: templates
and contexts. This allows user to have different processing rules
for different threads. Using a static variable breaks this very
important feature.
I would think that the right way to achieve your goal would be to
put control in templates. For example, xmlsec could read the
<X509Data/> node from template and write back:
1) <X509Certificate/> if there is no child elements
2) subject name/issuer/certificate if there is corresponding
child node in the <X509Data/> template
In addition to that we should determine when to write CRLs (always?).
Finally, there is a good question about an option to write full
certificate and subject for another one in the same time. Is it possible?
Can you suggest a good simple scheme to control this?
Aleksey
More information about the xmlsec
mailing list