[xmlsec] restrict xmlsec1 from using public keys

Yitzchak Scott-Thoennes ysth at shiftboard.com
Wed Oct 28 11:27:35 PDT 2015

I'm using the xmlsec1 tool like:

xmlsec1 --verify --trusted-pem cert.pem --id-attr:ID urn:oasis:names:tc:SAML:2.0:assertion:Assertion signedassertion.xml

where cert.pem is the public key for a self-signed cert that I expect to
have been used to sign my assertion.

But it's my understanding that that xmlsec1 call would in fact succeed if
it was signed with some other certificate that my system trusts.  Is there
a way to prevent that?

