[xmlsec] Verify - OpenSSL vs mscrypto

Dmitry Belyavsky beldmit at cryptocom.ru
Wed Jan 11 11:12:45 PST 2006


On Wed, 11 Jan 2006, Edward Shallow wrote:

> Dmitry,
> I have not checked your latest patch, but to avoid my concern 2) below, can
> you call certCreateCertificateContext from the pbCertEncoded certificate
> extracted from the signed document instead of expecting it to already be in
> a store ? This would avoid the need for the verifier to have the signer's
> public certificate in any of their stores.
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/s
> ecurity/certcreatecertificatecontext.asp
> If you are not already doing this, is this possible ?

XMLSec extracts certs from the document itself. Signer's cert shouldn't
be present in any store, it may be present in the document only. Sorry,
I can't answer your question.

SY, Dmitry Belyavsky (ICQ UIN 11116575)

More information about the xmlsec mailing list