[xmlsec] Fwd: Use of full DistinguishedName in KeyName
Aleksey Sanin
aleksey at aleksey.com
Mon Oct 24 06:41:17 PDT 2011
With openssl, you need to load keys into xmlsec manually. With nss and
mscrypto, there are "default" keys storages that xmlsec can search.
Aleksey
On 10/24/11 3:52 AM, Si St wrote:
> Excuse my interruption here,
> but where is xmlsec1 searching to find the key in reference to the
> <KeyName/>? Where should the key/cert be placed so that xmlsec1 can find
> it (f.ex. among other keys)? Any specific directory? Remenber that
> xmlsec1 is /usr/local/bin/xmlsec1 with me, and I wonder where the
> program will search. In my particular case we are dealing with --crypto
> openssl
> --
> Si St
> sigbj-st at operamail.com <mailto:sigbj-st at operamail.com>
> On Wednesday, October 19, 2011 9:33 PM, "EdShallow"
> <ed.shallow at gmail.com> wrote:
>> OK, here is how it works with mscrypto and xmlsec 1.2.18
>>
>> Example 1:
>> <KeyName>CA, GC, PWGSC-TPSGC, "Ed Shallow"</KeyName>
>>
>> Example 2 with a special character:
>> <KeyName>CA, GC, PWGSC-TPSGC, "Shallow, Ed"</KeyName>
>>
>> In other words, do not use the sub-type qualifiers in the DN string
>> i.e. cn= ou= o= c=
>>
>> Order is also important.
>>
>> Cheers,
>> Ed
>>
>> On Wed, Oct 19, 2011 at 7:38 PM, EdShallow <ed.shallow at gmail.com
>> <mailto:ed.shallow at gmail.com>> wrote:
>>
>> OK. Give me a day or so and I will check the source to see if
>> anything has changed in the CAPI calls.
>>
>> On Oct 19, 2011 7:29 PM, "Aleksey Sanin" <aleksey at aleksey.com
>> <mailto:aleksey at aleksey.com>> wrote:
>>
>> Not that I am aware of.
>>
>> Aleksey
>>
>> On 10/19/11 2:02 PM, EdShallow wrote:
>>
>> . . . sorry forgot to mention, this behavior is with mscrypto
>> Ed
>>
>> ---------- Forwarded message ----------
>> From: "EdShallow" <ed.shallow at gmail.com
>> <mailto:ed.shallow at gmail.com> <mailto:ed.shallow at gmail.com
>> <mailto:ed.shallow at gmail.com>>>
>> Date: Oct 19, 2011 3:55 PM
>> Subject: Use of full DistinguishedName in KeyName
>> To: "xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>"
>> <xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>> <mailto:xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>>>
>>
>> Hi Aleksey,
>>
>> Use of full DN in KeyName template element used to work in
>> oldwr
>> versions of xmlsec.
>>
>> As of 1.2.18 I can only get CommonName to work.
>>
>> Example:
>> This works
>> <KeyName>Shallow Ed</KeyName>
>>
>> This does not:
>> <KeyName>cn=Shallow Ed,ou=finance,o=acme,c=ca</KeyName>
>>
>> I receive an "Object or property cannot be found" message.
>>
>> Are there any constraints for naming?
>>
>> Ed
>>
>>
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>>
>>
>>
>> --
>> Ed's Contact Information:
>> Mobile Phone: 613-852-6410
>> Gmail: ed.shallow at gmail.com <mailto:ed.shallow at gmail.com>
>> VOIP Address: 107529 at sip.ca1.voip.ms <mailto:107529 at sip.ca1.voip.ms>
>> VOIP DID#: 613-458-5004
>> Skype ID: edward.shallow
>> Home Phone: 613-482-2090
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>
> --
> http://www.fastmail.fm - Email service worth paying for. Try it for free
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
More information about the xmlsec
mailing list