[Bulk] Re: [xmlsec] FW: Cert Chain Validation 1.2.8 mscrypto

Edward Shallow ed.shallow at rogers.com
Fri Jan 13 08:14:30 PST 2006


Thanks for all the support. I am not crazy about the misleading error
messages on both the "unable to find local issuer certificate" and the
CertStrToName, but everything seems to be the same on both your setup and

I will move on to continue testing Dmitry's patch.

Thanks again,


-----Original Message-----
From: xmlsec-bounces at aleksey.com [mailto:xmlsec-bounces at aleksey.com] On
Behalf Of Aleksey Sanin
Sent: January 13, 2006 10:40 AM
To: Dmitry Belyavsky
Cc: Edward Shallow; xmlsec at aleksey.com
Subject: [Bulk] Re: [xmlsec] FW: Cert Chain Validation 1.2.8 mscrypto

>> Can error messages 1 and 2 be ignored ?
> It seems to be they can. I've got this messages when I used 
> wrong-delimited CN as KeyName.

Exactly! You have several ways to get keys. If some of them do not work and
you get error messages from xmlsec or OS but one of them does work then
everything is good and the signature is valid.

I did not send this output because it was irrelevant for the discussion we
had about xmlsec-mscrypto certs verification :)


xmlsec mailing list
xmlsec at aleksey.com

More information about the xmlsec mailing list