[xmlsec] nss -- xmlSecNssX509StoreVerify question
vmiklos at vmiklos.hu
Fri Dec 9 11:30:58 PST 2016
On Fri, Dec 09, 2016 at 09:19:07AM -0800, Aleksey Sanin <aleksey at aleksey.com> wrote:
> Thanks for investigation. Obviously something is not right with
> the tests. I want to investigate this further though not sure
> if I will have time in the next couple weeks.
At the end I think I hit two issues in parallel:
1) xmlSecNssX509StoreVerify() not verifying the certificate and
2) xmlSecNssX509StoreAdoptCert() ignoring the type parameter, which says
if the cerficate should be trusted or not.
https://github.com/lsh123/xmlsec/pull/72 is my attempt fixing it, but
feel free to tweak it as you like. Certainly no rush. :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: Digital signature
More information about the xmlsec