[xmlsec] Verify - OpenSSL vs mscrypto

Edward Shallow ed.shallow at rogers.com
Wed Jan 11 08:02:01 PST 2006


Dmitry wrote ...

Edward, when you verify the signature using your own certs ('MY' cert
storage), the library doesn't verify the chain using my patch. To see that my
patch really works you need to verify the signature from the other user's
account with the signer's CA cert and CRL installed.

I do not know what you mean by "the other user's account". All personal
certificates used by an individual are installed in the default 'MY' store.
At verification time, the starting point for the get certificate chain
processing is from the cert context of the signer's cert no matter who does
that verification. In fact the signer's cert should not have to be in the
verifier's store at verify time. The first certificate to chase in the chain
should be the immediate issuer's certificate, etc. What does "other user's
account" mean?


Dmitry is answering with respect to how his patch works. How do you get
the current build to verify the certificate chain?

