[xmlsec] Re: GOST support in xmlsec
Aleksey Sanin
aleksey at aleksey.com
Tue Feb 14 07:29:16 PST 2006
>>> We've fixed x509vfy.c patch. The problem was in two typos in recursion
>>> calls. New version is attached.
>> Great! Now all the tests pass. Last thing I would like to understand is
>> what this patch is doing :) It seems like it changes the trusted
>> certificates processing a little bit:
>> - now xmlsec always looks at both trusted certs in the manager and in
>> the system;
>> - with this patch, xmlsec will not look at the system trusted certs
>> if there are trusted certs in manager.
>>
>> Is this correct? Am I missing something else?
>
> Yes, it seems to be correct.
Hm... Any particular reason for this? It seems to me that if you have
trusted certs then you need to use *all* of them. Plus I am a little
bit afraid that this might screw existing applications.
Aleksey
More information about the xmlsec
mailing list