[xmlsec] CRL in signature

Aleksey Sanin aleksey at aleksey.com
Mon May 7 15:39:17 PDT 2012


I'll go back to the spec but I believe it is 1)



Aleksey

On 5/7/12 3:35 PM, EdShallow wrote:
> Good . . . do you mean that the xmlSecDSigCtxVerify call will also check
> to see if the serial number in the signer certificate is in the CRL
> revoked list?
> 
> Is the <X509CRL> element a child of the same <X509Data> element that the
> <X509Certificate> is a child of?
> 
> Which one is correct?
> 
> 1) this one . . .
> 
> <X509Data>
>     <X509Certificate></X509Certificate>
>     <X509CRL></X509CRL>
> </X509Data>
> 
> 2) or this one . . .
> 
> <X509Data>
>     <X509Certificate></X509Certificate>
> </X509Data>
> <X509Data>
>     <X509CRL></X509CRL>
> </X509Data>
> 
> Thanks again . . .
> Ed
> 
> 
> 
> On Mon, May 7, 2012 at 6:16 PM, Aleksey Sanin <aleksey at aleksey.com
> <mailto:aleksey at aleksey.com>> wrote:
> 
>     yes, it should check for CRL in the XML document
> 
>     Aleksey
> 
>     On 5/7/12 3:15 PM, EdShallow wrote:
>     > If I include the relevant CRL within a signature and then pass it
>     in for
>     > verification, will XMLsec check the signer certificate against that
>     > included CRL automatically as part of the Verify call?
>     >
>     > If so, how should the CRL be included in the signature structure?
>     >
>     > Thanks,
>     > Ed
>     >
>     > --
>     > Ed's Contact Information:
>     > Mobile Phone: 613-852-6410 <tel:613-852-6410>
>     > Gmail: ed.shallow at gmail.com <mailto:ed.shallow at gmail.com>
>     <mailto:ed.shallow at gmail.com <mailto:ed.shallow at gmail.com>>
>     > VOIP Address: 107529 at sip.ca1.voip.ms
>     <mailto:107529 at sip.ca1.voip.ms> <mailto:107529 at sip.ca1.voip.ms
>     <mailto:107529 at sip.ca1.voip.ms>>
>     > VOIP DID#: 613-458-5004 <tel:613-458-5004>
>     > Skype ID: edward.shallow
>     > Home Phone: 613-482-2090 <tel:613-482-2090>
>     >
>     >
>     >
>     > _______________________________________________
>     > xmlsec mailing list
>     > xmlsec at aleksey.com <mailto:xmlsec at aleksey.com>
>     > http://www.aleksey.com/mailman/listinfo/xmlsec
> 
> 
> 
> 
> -- 
> Ed's Contact Information:
> Mobile Phone: 613-852-6410
> Gmail: ed.shallow at gmail.com <mailto:ed.shallow at gmail.com>
> VOIP Address: 107529 at sip.ca1.voip.ms <mailto:107529 at sip.ca1.voip.ms>
> VOIP DID#: 613-458-5004
> Skype ID: edward.shallow
> Home Phone: 613-482-2090
> 


More information about the xmlsec mailing list