[Bulk] Re: [Bulk] Re: [xmlsec] Verify - OpenSSL vs mscrypto

Edward Shallow ed.shallow at rogers.com
Wed Jan 11 11:20:34 PST 2006


Aleksey wrote ... 

I do believe that the xmlsec-mscrypto code *does* build the chain and it
*does* verify it against the "trusted" certificates installed by the app. 
With Dmitry's patch, xmlsec-mscrypto *also* uses trusted certificates from
the MSCrypto certificates store.



Yes, this is what I thought too. But my test on 1.2.8 (shown in previous post
and included below) never checks whether I load the trusted certs or not ???
See the 2nd last line.

I don't mind waiting for Dmitry's patch, I was just trying to get it going
now.

Ed

 

xmlsec.xmlSecInit()
xmlsec.xmlSecCryptoDLInit()
xmlsec.xmlSecCryptoDLLoadLibrary('mscrypto')
xmlsec.xmlSecCryptoAppInit('MY')
xmlsec.xmlSecCryptoInit()
parsedDoc = libxml2.xmlParseFile('c:/xmlsec/inout/edsigned-enveloped.xml')
trustedDer = 'c:/xmlsec/keys/cacert.der'  # <=== trusted root in der format
rootNode = libxml2.xmlDocGetRootElement(parsedDoc)
sigNode = xmlsec.xmlSecFindNode(rootNode, 'Signature', 'http://www.w3.org/2000/09/xmldsig#')
keysMngr = xmlsec.xmlSecKeysMngrCreate()
xmlsec.xmlSecCryptoAppDefaultKeysMngrInit(keysMngr)
dsigCtx = xmlsec.xmlSecDSigCtxCreate()
xmlsec.xmlSecDSigCtxInitialize(dsigCtx, keysMngr)
xmlsec.xmlSecCryptoAppKeysMngrCertLoad(keysMngr, trustedDer, 3, 256)  # <=== load trusted root
xmlsec.xmlSecDSigCtxVerify(dsigCtx, sigNode)





