[xmlsec] FW: Valid To has passed

Ed Shallow ed.shallow at rogers.com
Mon Sep 3 18:09:36 PDT 2007

 Specifics of the problem as you requested ...

- running patched xmlsec 1.2.10 on Windows (see re-post from me above)
- using command line utility with options as follows:

xmlsec sign --crypto mscrypto --output inout/edsigned-enveloped-Entrust.xml

xmlsec verify --crypto mscrypto inout/edsigned-enveloped-Entrust.xml

- the Entrust key-pair and certificate are loaded into the Microsoft Crypto
Store and XMLSec is retrieving them based on the template

- the resultant signature (also attached) verifies sucessfully even though
the certificate expired on August 31, 2007

  I have not attempted to re-create this outside of --mscrypto yet

  Any ideas ?


-----Original Message-----
From: Ed Shallow [mailto:ed.shallow at rogers.com] 
Sent: Saturday, September 01, 2007 9:58 AM
To: 'xmlsec at aleksey.com'
Subject: Valid To has passed

Ho Aleksey,
   I just noticed that I am still able to sign --mscrypto with an expired
certificate. Additionally it verifies successfully as well. Is this normal?
   In the template can I force creation of the ValidFrom and ValidTo nodes?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tmpl-EPM-sign-enveloped-Entrust.xml
Type: text/xml
Size: 1499 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20070903/81a8911e/tmpl-EPM-sign-enveloped-Entrust-0002.xml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: edsigned-enveloped-Entrust.xml
Type: text/xml
Size: 3017 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20070903/81a8911e/edsigned-enveloped-Entrust-0002.xml

More information about the xmlsec mailing list