[xmlsec] FW: Valid To has passed

Aleksey Sanin aleksey at aleksey.com
Thu Sep 6 14:16:47 PDT 2007

> I would prefer that the sign fail if the key is expired. This is how the
> other CAPI desktop products work. 

Aha! Well, I know what happens. The xmlsec performs search for the key
using all the available information. In your case, it finds the key by
the *KeyName* before it tries to search for the certificate. And,
MSCrypto happily returns xmlsec the key w/o checking for certificate

Honestly, I don't know what can be done here. I think the simplest
way is to disable search by key and search by certificate only as I


More information about the xmlsec mailing list