[xmlsec] core methods for write of <X509SubjectName/> and <X509IssuerSerial/>

Aleksey Sanin aleksey at aleksey.com
Thu Jul 17 08:30:37 PDT 2003

Hi, Roumen!

Unfortunatelly, I could not open your diff files by some reasons
(the folders are there but diff itself is empty). However, from your
description I see a problem with this patch. You are using a static
variable to determine the format and this seems wrong to me.
xmlsec library has two ways to control the processing: templates
and contexts. This allows user to have different processing rules
for different threads. Using a static variable breaks this very
important feature.

I would think that the right way to achieve your goal would be to
put control in templates.  For example, xmlsec could read the
 <X509Data/> node from template and write back:
    1) <X509Certificate/> if there is no child elements
    2) subject name/issuer/certificate if there is corresponding
    child node in the <X509Data/> template
In addition to that we should determine when to write CRLs (always?).

Finally, there is a good question about an option to write full
certificate and subject for another one in the same time. Is it possible?
Can you suggest a good simple scheme to control this?


More information about the xmlsec mailing list