[xmlsec] xmlSecMSCryptoX509StoreConstructCertsChain

Edward Shallow ed.shallow at rogers.com
Mon Dec 19 09:41:07 PST 2005

Thanks Aleksey,

I guess there is no non-crypto-specific version of this function ?

Then does a call to xmlSecMSCryptoX509StoreConstructCertsChain do both a
cert chain check and a revocation check ?

Does this work now, or will it work only after Dmitry's patch ?


-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: December 19, 2005 10:58 AM
To: ed.shallow at rogers.com
Cc: 'Dmitry Belyavsky'; 'XMLSec'
Subject: Re: [xmlsec] xmlSecMSCryptoX509StoreConstructCertsChain

> I can't find where CRL checking is done. Is certificate verification 
> against a CRL the application's responsibility outside of xmlsec ?

In the current xmlsec-mscrypto code the CRL check is done in
xmlSecMSCryptoCheckRevocation() function called from
xmlSecMSCryptoX509StoreConstructCertsChain() function.


More information about the xmlsec mailing list