[xmlsec] X509Certificate ordering
hendry at iki.fi
Fri Jun 17 07:02:54 PDT 2011
Thanks for xmlsec, it basically implements
I'm signing with
which has the pub keys:
The problem is with the generated signatures the X509Certificate's
appear in different orderings. Once I figure out the orderings, I then
write an xmlstarlet kludge to put them in the ordering I need them:
Which is, 2, 3, root, that is Signer pubkey, then intermediate, then
The problem is that on different machines xmlsec seems to embed them
in different orders. On my Arch 1.2.16, it's 2,3,root. On my 1.2.14
Debian it's 2,root,3 and when I downgraded to 1.2.14 on Arch, it
became root,2,3... wtf?
You can see the ordering for yourself on a using http://v.wacapps.net/
and 1.2.14 Debian signed
has an exception not to apply the kludge above.
I hope you can help me understand!
More information about the xmlsec