[xmlsec] Trusted certs directory

Aleksey Sanin aleksey at aleksey.com
Mon Aug 14 09:21:01 PDT 2006

Hm... Yes you are right! Sorry, I forgot about this. If you use
OpenSSL then the "config" parameter is pointing to the folder
with trusted certs (see xmlSecOpenSSLSetDefaultTrustedCertsFolder

Do you have any errors from xmlsec? Can you put a breakpoint
in xmlSecOpenSSLX509StoreInitialize() function on this line:

     path = xmlSecOpenSSLGetDefaultTrustedCertsFolder();
     if(path != NULL) {
	X509_LOOKUP *lookup = NULL;
	lookup = X509_STORE_add_lookup(ctx->xst,
         if(lookup == NULL) {
	X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_DEFAULT);

and then trace down if 1) you have correct value in "path" and
2) X509_LOOKUP_add_dir() succeeds? BTW, there is a small bug in this
code... I need to check the return value from X509_LOOKUP_add_dir()
and report an error if needed. I'll fix it tonight.


More information about the xmlsec mailing list