[xmlsec] nss -- xmlSecNssX509StoreVerify question
Miklos Vajna
vmiklos at vmiklos.hu
Fri Dec 9 11:30:58 PST 2016
Hi,
On Fri, Dec 09, 2016 at 09:19:07AM -0800, Aleksey Sanin <aleksey at aleksey.com> wrote:
> Thanks for investigation. Obviously something is not right with
> the tests. I want to investigate this further though not sure
> if I will have time in the next couple weeks.
At the end I think I hit two issues in parallel:
1) xmlSecNssX509StoreVerify() not verifying the certificate and
2) xmlSecNssX509StoreAdoptCert() ignoring the type parameter, which says
if the cerficate should be trusted or not.
https://github.com/lsh123/xmlsec/pull/72 is my attempt fixing it, but
feel free to tweak it as you like. Certainly no rush. :-)
Regards,
Miklos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20161209/62cd67b2/attachment.sig>
More information about the xmlsec
mailing list