[xmlsec] Re: GOST support in xmlsec

Aleksey Sanin aleksey at aleksey.com
Tue Feb 14 07:29:16 PST 2006

>>> We've fixed x509vfy.c patch. The problem was in two typos in recursion
>>> calls. New version is attached.
>> Great! Now all the tests pass. Last thing I would like to understand is
>> what this patch is doing :) It seems like it changes the trusted
>> certificates processing a little bit:
>>   - now xmlsec always looks at both trusted certs in the manager and in
>>     the system;
>>   - with this patch, xmlsec will not look at the system trusted certs
>>     if there are trusted certs in manager.
>> Is this correct? Am I missing something else?
> Yes, it seems to be correct.

Hm... Any particular reason for this? It seems to me that if you have
trusted certs then you need to use *all* of them. Plus I am a little
bit afraid that this might screw existing applications.


More information about the xmlsec mailing list