[xmlsec] Thoughts on a new mscng backend

Miklos Vajna vmiklos at vmiklos.hu
Fri May 4 08:33:58 PDT 2018


On Thu, Jan 04, 2018 at 03:24:51PM -0800, Aleksey Sanin <aleksey at aleksey.com> wrote:
> That sounds like a great plan! I would recommend to use the
> skeleton folder to start.

Thanks for all the reviews, current master looks reasonable to me when I
compare 'make check' output of the mscrypto and mscng backends:

- 0 tests pass only on mscrypto
- 126 tests pass on both mscrypto and mscng
- 3 tests pass only on mscng (ecdsa signing with sha1/256/512)

I wonder what else is missing so it could be claimed that the mscng
backend is more or less a drop-in replacement for the mscrypto one.
There are two things I can think of:

- mscrypto supports reading your OS-level certificates and use that
  during e.g. signing.

- There are a few functions which are part of the mscrypto public API
  (e.g. xmlSecMSCryptoX509StoreAdoptKeyStore()) and there is no mscng
  equivalent yet. Those are probably interesting as e.g. LibreOffice
  uses those functions.

I plan to get to these two in the next few weeks. But is there anything
else larger missing?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20180504/647c0d27/attachment.sig>

More information about the xmlsec mailing list