[xmlsec] Fwd: Use of full DistinguishedName in KeyName
EdShallow
ed.shallow at gmail.com
Mon Oct 24 06:50:21 PDT 2011
The notevyou quoted applies mostly to using mscrypto. Using KeyName with
OpenSSL should also work as long as keys are loaded into XMLsec KeysManager.
On Oct 24, 2011 6:53 AM, "Si St" <sigbj-st at operamail.com> wrote:
> Excuse my interruption here,
> but where is xmlsec1 searching to find the key in reference to the
> <KeyName/>? Where should the key/cert be placed so that xmlsec1 can find it
> (f.ex. among other keys)? Any specific directory? Remenber that xmlsec1 is
> /usr/local/bin/xmlsec1 with me, and I wonder where the program will search.
> In my particular case we are dealing with --crypto openssl
> --
> Si St
> sigbj-st at operamail.com
>
> On Wednesday, October 19, 2011 9:33 PM, "EdShallow" <
> ed.shallow at gmail.com> wrote:
>
> OK, here is how it works with mscrypto and xmlsec 1.2.18
>
> Example 1:
> <KeyName>CA, GC, PWGSC-TPSGC, "Ed Shallow"</KeyName>
>
> Example 2 with a special character:
> <KeyName>CA, GC, PWGSC-TPSGC, "Shallow, Ed"</KeyName>
>
> In other words, do not use the sub-type qualifiers in the DN string i.e.
> cn= ou= o= c=
>
> Order is also important.
>
> Cheers,
> Ed
>
> On Wed, Oct 19, 2011 at 7:38 PM, EdShallow <ed.shallow at gmail.com> wrote:
>
> OK. Give me a day or so and I will check the source to see if anything has
> changed in the CAPI calls.
>
> On Oct 19, 2011 7:29 PM, "Aleksey Sanin" <aleksey at aleksey.com> wrote:
>
> Not that I am aware of.
>
> Aleksey
>
> On 10/19/11 2:02 PM, EdShallow wrote:
>
> . . . sorry forgot to mention, this behavior is with mscrypto
> Ed
>
> ---------- Forwarded message ----------
> From: "EdShallow" <ed.shallow at gmail.com <mailto:ed.shallow at gmail.com>>
> Date: Oct 19, 2011 3:55 PM
> Subject: Use of full DistinguishedName in KeyName
> To: "xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>" <xmlsec at aleksey.com
> <mailto:xmlsec at aleksey.com>>
>
> Hi Aleksey,
>
> Use of full DN in KeyName template element used to work in oldwr
> versions of xmlsec.
>
> As of 1.2.18 I can only get CommonName to work.
>
> Example:
> This works
> <KeyName>Shallow Ed</KeyName>
>
> This does not:
> <KeyName>cn=Shallow Ed,ou=finance,o=acme,c=ca</KeyName>
>
> I receive an "Object or property cannot be found" message.
>
> Are there any constraints for naming?
>
> Ed
>
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>
>
> --
> Ed's Contact Information:
> Mobile Phone: 613-852-6410
> Gmail: ed.shallow at gmail.com
> VOIP Address: 107529 at sip.ca1.voip.ms
> VOIP DID#: 613-458-5004
> Skype ID: edward.shallow
> Home Phone: 613-482-2090
>
>
> _______________________________________________
> xmlsec mailing listxmlsec at aleksey.comhttp://www.aleksey.com/mailman/listinfo/xmlsec
>
>
>
>
> -- http://www.fastmail.fm - Email service worth paying for. Try it for free
>
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20111024/bb8f21bd/attachment.html>
More information about the xmlsec
mailing list