[xmlsec] Thoughts on a new mscng backend
vmiklos at vmiklos.hu
Fri May 4 08:33:58 PDT 2018
On Thu, Jan 04, 2018 at 03:24:51PM -0800, Aleksey Sanin <aleksey at aleksey.com> wrote:
> That sounds like a great plan! I would recommend to use the
> skeleton folder to start.
Thanks for all the reviews, current master looks reasonable to me when I
compare 'make check' output of the mscrypto and mscng backends:
- 0 tests pass only on mscrypto
- 126 tests pass on both mscrypto and mscng
- 3 tests pass only on mscng (ecdsa signing with sha1/256/512)
I wonder what else is missing so it could be claimed that the mscng
backend is more or less a drop-in replacement for the mscrypto one.
There are two things I can think of:
- mscrypto supports reading your OS-level certificates and use that
during e.g. signing.
- There are a few functions which are part of the mscrypto public API
(e.g. xmlSecMSCryptoX509StoreAdoptKeyStore()) and there is no mscng
equivalent yet. Those are probably interesting as e.g. LibreOffice
uses those functions.
I plan to get to these two in the next few weeks. But is there anything
else larger missing?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: Digital signature
More information about the xmlsec