[xmlsec] nss -- xmlSecNssX509StoreVerify question

Miklos Vajna vmiklos at vmiklos.hu
Thu Dec 8 14:20:23 PST 2016

On Thu, Dec 08, 2016 at 01:26:27PM -0800, Aleksey Sanin <aleksey at aleksey.com> wrote:
> Could you please confirm that xmlsec-nss gets the key from the
> certificate and not from another place?


Hmm... how do I confirm that? The use-case where this code is running is
that I have a signed XML document and I'm verifying the signature. The
NSS db doesn't have the certificate (so the private key is not
available), nor the issuer certificate (or its parents).

So I *guess* the only way how xmlsec-nss can get the key (assuming you
mean the public key) is from the certificate.

> I am not very familiar with this code unfortunately. It might
> have happen that the NSS API changed since xmlsec-nss was
> written :)

No problem, I'll check tomorrow if it's really just about passing a
non-NULL returnedUsages to CERT_VerifyCertificate(); I just asked here
in case somebody more competent than me can point ouf if I'm missing
something obvious. ;-)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20161208/dfbd03f7/attachment.sig>

More information about the xmlsec mailing list