[xmlsec] Big patch to xmlsec in recent OpenOffice.org sources

Aleksey Sanin aleksey at aleksey.com
Sun Feb 27 21:20:24 PST 2005

I applied and committed all the changes from src/mscrypto/certkeys.c file
except the ref-counting change we discussed before (item 2) from prev
issues list) and as I mentioned before I merged xmlsec-mscrypto library
AppliedKeysManager and DefaultKeysManager. You will need to slightly
change your code but it should be a trivial and safe change.

Thus, the only two remaining issues for OO.org xmlsec-mscrypto
patch are:
2) (OO.org team) mscrypto handles ref-counting and multithreading
3) (aleksey) xmlSecMSCryptoKeyDataX509VerifyAndExtractKey function

Note that I found a few more issues but I don't think any of them
require any actions from us and I would like to just mention them here
for your reference:

4) src/mscrypto/certkeys.c, xmlSecMSCryptoKeyDataAdoptCert() function:
There is a change in CryptAcquireContext() call: the ctx->providerName
is replaced with NULL. I believe that in this case, the default crypto
provider will be used and I agree that this is the right thing to do.
However, I am not sure if this would change anything for other
xmlsec-mscrypto users.

5) src/mscrypto/certkeys.c, xmlSecMSCryptoKeyDataDsaGenerate() function:
I have to reject this change. I believe that there is no change in
functionality. This change simply replaces centralized resource
de-allocation based on goto with copy/pasting resource de-allocation
code in several places.

6) src/mscrypto/certkeys.c, xmlSecMSCryptoX509StoreConstructCertsChain()
The new code tries to construct a certs chain for a self-signed cert
even if it is not found in the trusted store. I believe this is
incorrect. If we cannot find the self-signed cert in the trusted
certs store, then we just need to return FALSE (can't construct trusted
certs chain). I modified the code to do exactly that and it passes
all my tests. Hope it will work for you too.

7) src/mscrypto/certkeys.c, xmlSecMSCryptoX509StoreVerify() function:
I slightly modified the code to make it look better w/o changing the
functionality. Hope you would not mind.

BTW, currently xmlsec-mscrypto passes all the tests as before thus the
problems I had before are caused by either item 2) or 3) from above :)
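
The rule from item 6, modelled as an added example that is not code from this message or from xmlsec: chain construction succeeds only when it ends at a cert in the trusted store, and a self-signed cert that is not there yields no chain. The `Cert` struct, the function names and the sample data are hypothetical, and signature checks are left out, so only the trust-anchor decision is shown.

```c
#include <stdio.h>
#include <string.h>

/* Toy certificate: names only, no signatures (constructed model, not xmlsec types). */
typedef struct { const char *subject, *issuer; } Cert;

static const Cert *find_subject(const Cert *s, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(s[i].subject, name) == 0) return &s[i];
    return NULL;
}

static int in_store(const Cert *s, size_t n, const Cert *c) {
    const Cert *hit = find_subject(s, n, c->subject);
    return hit != NULL && strcmp(hit->issuer, c->issuer) == 0;
}

/* Returns the chain length when the chain ends at a trusted cert, 0 otherwise. */
size_t build_trusted_chain(const Cert *leaf, const Cert *extra, size_t n_extra,
                           const Cert *trusted, size_t n_trusted,
                           const Cert **chain, size_t max_len) {
    const Cert *cur = leaf;
    size_t len = 0;
    while (cur != NULL && len < max_len) {
        chain[len++] = cur;
        if (in_store(trusted, n_trusted, cur)) return len;    /* anchored */
        if (strcmp(cur->subject, cur->issuer) == 0) return 0; /* self-signed, untrusted */
        const Cert *next = find_subject(trusted, n_trusted, cur->issuer);
        if (next == NULL) next = find_subject(extra, n_extra, cur->issuer);
        cur = next;                        /* NULL when the issuer is unknown */
    }
    return 0;                              /* issuer missing, or length bound hit (cycle) */
}

/* Constructed sample data. */
static const Cert TRUSTED[] = { {"CN=Example Root", "CN=Example Root"} };
static const Cert EXTRA[] = { {"CN=Example CA", "CN=Example Root"},
                              {"CN=Other Root", "CN=Other Root"} };
static const Cert LEAF_OK  = {"CN=signer", "CN=Example CA"};
static const Cert LEAF_BAD = {"CN=other signer", "CN=Other Root"};

size_t chain_len_for(const Cert *leaf) {
    const Cert *chain[8];
    return build_trusted_chain(leaf, EXTRA, 2, TRUSTED, 1, chain, 8);
}

int main(void) {
    printf("%zu %zu %zu\n", chain_len_for(&LEAF_OK), chain_len_for(&LEAF_BAD),
           chain_len_for(&EXTRA[1]));
    return 0;
}
```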

