[xmlsec] restrict xmlsec1 from using public keys
Aleksey Sanin
aleksey at aleksey.com
Wed Oct 28 17:35:31 PDT 2015
Check the --crypto-config command line option. For openssl,
it specifies the default folder for loading trusted certs from.
Aleksey
On 10/28/15 11:27 AM, Yitzchak Scott-Thoennes wrote:
> I'm using the xmlsec1 tool like:
>
> xmlsec1 --verify --trusted-pem cert.pem --id-attr:ID
> urn:oasis:names:tc:SAML:2.0:assertion:Assertion signedassertion.xml
>
> where cert.pem is the public key for a self-signed cert that I expect to
> have been used to sign my assertion.
>
> But it's my understanding that that xmlsec1 call would in fact succeed
> if it was signed with some other certificate that my system trusts. Is
> there a way to prevent that?
>
> Thanks
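A complementary pre-check for the concern raised in this thread, added here as an example; it is not part of the original messages and is not xmlsec code. It compares the certificate embedded in the signature's KeyInfo with the one expected certificate by SHA-256 fingerprint and fails closed on anything else. The function names, the cert-only KeyInfo policy and the sample data are assumptions, and the sample "certificates" are constructed placeholder bytes rather than real X.509.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ALLOWED = {DS + "X509Data", DS + "X509Certificate"}  # assumption: cert-only KeyInfo

def _sha256_b64(b64_text):
    # b64decode ignores the line breaks found in PEM and XML bodies
    return hashlib.sha256(base64.b64decode(b64_text)).hexdigest()

def pem_fingerprint(pem_text):
    """SHA-256 over the DER bytes of the first CERTIFICATE block."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                  pem_text, re.S)
    if m is None:
        raise ValueError("no CERTIFICATE block in pinned PEM")
    return _sha256_b64(m.group(1))

def signer_is_pinned(xml_text, pinned_pem):
    """True only if every KeyInfo carries the pinned cert and nothing else."""
    pinned = pem_fingerprint(pinned_pem)
    # Assumption: input size is bounded upstream; stdlib parser avoids dependencies.
    root = ET.fromstring(xml_text)
    seen = 0
    for key_info in root.iter(DS + "KeyInfo"):
        for el in key_info.iter():
            if el is key_info:
                continue
            if el.tag not in ALLOWED:
                return False  # KeyValue, KeyName, ...: fail closed
            if el.tag == DS + "X509Certificate":
                if _sha256_b64(el.text or "") != pinned:
                    return False
                seen += 1
    return seen > 0  # no embedded cert at all is also a failure

# Constructed sample data: placeholder bytes stand in for DER certificates.
def _b64(data):
    return base64.b64encode(data).decode()

def sample_pem(der):
    return "-----BEGIN CERTIFICATE-----\n" + _b64(der) + "\n-----END CERTIFICATE-----\n"

def sample_assertion(der, extra=""):
    return ('<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="a1">'
            '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:KeyInfo>'
            "<ds:X509Data><ds:X509Certificate>" + _b64(der) +
            "</ds:X509Certificate></ds:X509Data>" + extra +
            "</ds:KeyInfo></ds:Signature></Assertion>")
```

This gate only compares bytes and checks no signature, so it runs in addition to `xmlsec1 --verify`, not in place of it.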