[xmlsec] restrict xmlsec1 from using public keys

Aleksey Sanin aleksey at aleksey.com
Wed Oct 28 17:35:31 PDT 2015

Check the --crypto-config command line option. For openssl,
it specifies the default folder for loading trusted certs from.


On 10/28/15 11:27 AM, Yitzchak Scott-Thoennes wrote:
> I'm using the xmlsec1 tool like:
> xmlsec1 --verify --trusted-pem cert.pem --id-attr:ID
> urn:oasis:names:tc:SAML:2.0:assertion:Assertion signedassertion.xml
> where cert.pem is the public key for a self-signed cert that I expect to
> have been used to sign my assertion.
> But it's my understanding that that xmlsec1 call would in fact succeed
> if it was signed with some other certificate that my system trusts.  Is
> there a way to prevent that?
> Thanks
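A complementary check for the concern raised in this thread, added here as an example and not part of the original messages or of xmlsec itself: alongside `xmlsec1 --verify`, confirm that every certificate embedded in the document's `ds:X509Certificate` elements is byte-for-byte the expected one. The function names and sample bytes are constructed for illustration, and the check does not verify the signature itself.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

def pem_to_der(pem_text):
    """Decode the first CERTIFICATE block of a PEM file to DER bytes."""
    body, inside = [], False
    for line in (l.strip() for l in pem_text.splitlines()):
        if line == "-----BEGIN CERTIFICATE-----":
            inside = True
        elif line == "-----END CERTIFICATE-----":
            break
        elif inside:
            body.append(line)
    if not body:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(body), validate=True)

def embedded_cert_digests(xml_text):
    """SHA-256 of every ds:X509Certificate carried in the document."""
    # Stdlib parser keeps the example self-contained; use a hardened
    # parser for untrusted input.
    root = ET.fromstring(xml_text)
    digests = []
    for node in root.iter("{%s}X509Certificate" % DS_NS):
        der = base64.b64decode("".join((node.text or "").split()), validate=True)
        digests.append(hashlib.sha256(der).hexdigest())
    return digests

def signer_is_pinned(xml_text, pinned_pem):
    """Fail closed: need at least one embedded cert, and all must match the pin."""
    pinned = hashlib.sha256(pem_to_der(pinned_pem)).hexdigest()
    found = embedded_cert_digests(xml_text)
    return bool(found) and all(d == pinned for d in found)

# Constructed sample data: placeholder bytes, not real certificates.
def sample_pem(der):
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

def sample_assertion(*ders):
    certs = "".join("<ds:X509Certificate>%s</ds:X509Certificate>"
                    % base64.b64encode(d).decode() for d in ders)
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
            ' xmlns:ds="%s" ID="a1"><ds:Signature><ds:KeyInfo><ds:X509Data>%s'
            '</ds:X509Data></ds:KeyInfo></ds:Signature></saml:Assertion>' % (DS_NS, certs))
```

Accept the assertion only when both this check and the `xmlsec1 --verify` run succeed on the same file.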