[xmlsec] Mscrypto patch 2, for cvs XMLSEC_MSCRYPTO_083103 branch
aleksey at aleksey.com
Wed Sep 3 17:08:40 PDT 2003
Great! The patch is applied and commited! Thanks again for your work!
And I have some comments bellow.
>The patch includes:
>- Fix out-of-box compile error(s)
Good! I am downloading fresh MS Platform SDK now, hope to try your code
>- Code formatting (wrong identing, etc.) (At least I hope it's better
>- Fixes for signatures (RSA-SHA1) and RSA key wrapping (PKCS1). I've
>tested these against OpenSSL generated signatures and encrypted keys
>(together with des3-cbc) with success.
What about using the test suite from the xmlsec library itself? It
requires cygwin but
I guess you already have it. Just run the following commands from the
> sh ./tests/testDSig.sh ./tests <path to xmlsec> der
> sh ./tests/testEnc.sh ./tests <path to xmlsec> der
Probably we can add a new "test" option to win32 makefile as well
the cygwin is installed). I'll probably try to do it tonight.
>- Added mscrypto descriptions to a couple of html files (docs dir). An
>interesting issue I encountered: I don't know under what license exactly
>MS CryptoAPI libs (crypt32.lib) are distributed. The libraries are part
>of the OS, and are also distributed together with MS internet explorer.
>I couldn't find any quick info on this, and I didn't dive into details
>for this. So I put unknown in the license matrix :)
I updated it with my understanding of the situation: the libraries are
part of the OS thus it inherits
the OS license. There is no problem with using these libraries with
proprietary or MIT/BSD licensed
applications. Also GPL license allows using it with non-GPL libraries if
the later is part of the OS.
It's clear that we have exactly that case thus there should be no
problem too (unless MS change
license and restrict GPL programs from running on Windows all together :) ).
>Another issue on the documentation. It was not completely clear to me
>what could be regarded as supported by the mscrypto lib and what not,
>since I had the feeling in the support matrix are both core libxmlsec
>functionalities and crypto engine specific functionalities.
Yes. These matrixes are taken from W3C interop pages for XMLDSig and
XMLEnc. I feel that
using the same matrixes is a right thing because people may quickly
for different xmlsec-<crypto> libraries with any other library listed on
W3C interop pages. I checked
the pages for xmlsec-mscrypto and everything seems ok to me.
>Aleksey, could please apply the patch to the cvs branch? This time the
>patch is in UNIX format :)
Cool! Thanks a lot! BTW, while applying your patch I found a couple
files in docs/ folder with DOS
end of line which caused some problems :)
>I also discovered that I wrongly submitted the file mscerstore.c to
>src/mscrypto with the initial release of the mscrypto support. This file
>is not used, and can safely be removed (also from the cvs tree).
Done. File is removed.
>Have fun with the new code :)
As I wrote I hope to try it out tonight :)
More information about the xmlsec