[xmlsec] Verify signature after certificate expired

Aleksey Sanin aleksey at aleksey.com
Wed Oct 9 08:04:44 PDT 2002


 From the general security point of view the data are *not valid* if the 
cert is expired.
If you really want to do this then you should take a look at the OpenSSL 
cert
verification function and remove date check. However, this is DANGEROUSE!

Aleksey.

Roman Bouchner wrote:

>Hello
>I would like to verify signed data however signer's certificate has
>already expired. I want only verify data integrity.
>If I use function xmlSecDSigValidate, it returns negative value, so I
>cannot determine if data was changed or not.
>If I change local date it does work, however it is not right way I
>think..
>How I can solve this problems?
>Thanks:)
>Roman Bouchner
>
>
>_______________________________________________
>xmlsec mailing list
>xmlsec at aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>  
>





More information about the xmlsec mailing list