[xmlsec] nss -- xmlSecNssX509StoreVerify question

Aleksey Sanin aleksey at aleksey.com
Thu Dec 8 14:53:37 PST 2016

Can you check the xmlSecDsigCtx to see if the key used for verification
(it is returned in the context) has a certificate attached to it?


On 12/8/16 2:20 PM, Miklos Vajna wrote:
> On Thu, Dec 08, 2016 at 01:26:27PM -0800, Aleksey Sanin <aleksey at aleksey.com> wrote:
>> Could you please confirm that xmlsec-nss gets the key from the
>> certificate and not from another place?
> Hi,
> Hmm... how do I confirm that? The use-case where this code is running is
> that I have a signed XML document and I'm verifying the signature. The
> NSS db doesn't have the certificate (so the private key is not
> available), nor the issuer certificate (or its parents).
> So I *guess* the only way how xmlsec-nss can get the key (assuming you
> mean the public key) is from the certificate.
>> I am not very familiar with this code unfortunately. It might
>> have happen that the NSS API changed since xmlsec-nss was
>> written :)
> No problem, I'll check tomorrow if it's really just about passing a
> non-NULL returnedUsages to CERT_VerifyCertificate(); I just asked here
> in case somebody more competent than me can point ouf if I'm missing
> something obvious. ;-)
> Thanks,
> Miklos

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: OpenPGP digital signature
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20161208/bbf88eb9/attachment.sig>

More information about the xmlsec mailing list