[xmlsec] Verify - OpenSSL vsmscrypto

Aleksey Sanin aleksey at aleksey.com
Thu Jan 12 14:55:14 PST 2006


I believe that in this case xmlsec-mscrypto does not construct
the certificates chain at all. The document has <dsig:KeyName>
element and xmlsec simply finds the signature key in the MSCrypto
store using this key name. For openssl, there is not "permanent"
key storage and everything works fine.

To correctly test this, you need to either delete the key from your
MSCrypto keys store or login as a different user (with different
key store). I believe Dmitry already suggested this before but
I missed the point then :(

Aleksey

Edward Shallow wrote:
> Here they are ... 
> 
> -----Original Message-----
> From: xmlsec-bounces at aleksey.com [mailto:xmlsec-bounces at aleksey.com] On
> Behalf Of Aleksey Sanin
> Sent: January 12, 2006 1:01 AM
> To: ed.shallow at rogers.com
> Cc: xmlsec at aleksey.com
> Subject: [Bulk] Re: [Bulk] Re: [Bulk] Re: [Bulk] Re: [xmlsec] Verify -
> OpenSSL vsmscrypto
> 
> Can you share the designed-enveloped.xml and upu-cacert.der, please?
> 
> Aleksey
> 
> Edward Shallow wrote:
>> Aleksey wrote:
>>
>> Please, try to reproduce the problem with xmlsec command line utility.
>>
>>
>>
>>



More information about the xmlsec mailing list