[xmlsec] Re: Invalid certificate (and new todo)

Aleksey Sanin aleksey at aleksey.com
Wed Sep 24 17:12:53 PDT 2003

I looked at this change. It does not sound very bad. But it might create 
problems with merging branch to the trunk. Since I think that mscrypto 
code is
in a pretty good shape right now, I would suggest to first merge it into 
the trunk.

Wouter, what do you think about that?


My Todo List (do not hesitate to let me know if something is missing)

Before 1.2 release:

0) Merge branch to the trunk.
1) Run API docs generator to find out how bad is the situation. Fix as much
as possible (Wouter, I would probably need you help with this).
2) Create "Cert" key type for public keys.
3) Look into failing tests (there is a new pkcs12 file from Wouter that 
needs to be tested).
4) Do one more code review pass.
5) Think about running xmlsec-mscrypto with memory checker

After 1.2 release:
0) Do internal code cleanup in xmlsec-mscrypto and xmlsec-nss. The goal is
to minimize the number of cases when our internal functions return strings
that needs to be freed. For example,

        static xmlChar*         
xmlSecMSCryptoX509SKIWrite(PCCERT_CONTEXT cert);

should be converted to

        static int                     
xmlSecMSCryptoX509SKIWrite(PCCERT_CONTEXT cert,
                            xmlNodePtr node);


More information about the xmlsec mailing list