[xmlsec] nss -- xmlSecNssX509StoreVerify question

Miklos Vajna vmiklos at vmiklos.hu
Fri Dec 9 11:30:58 PST 2016


On Fri, Dec 09, 2016 at 09:19:07AM -0800, Aleksey Sanin <aleksey at aleksey.com> wrote:
> Thanks for investigation. Obviously something is not right with
> the tests. I want to investigate this further though not sure
> if I will have time in the next couple weeks.

At the end I think I hit two issues in parallel:

1) xmlSecNssX509StoreVerify() not verifying the certificate and

2) xmlSecNssX509StoreAdoptCert() ignoring the type parameter, which says
if the cerficate should be trusted or not.

https://github.com/lsh123/xmlsec/pull/72 is my attempt fixing it, but
feel free to tweak it as you like. Certainly no rush. :-)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20161209/62cd67b2/attachment.sig>

More information about the xmlsec mailing list