[xmlsec] External DTD support
Aleksey Sanin
aleksey@aleksey.com
Wed, 22 Jan 2003 12:14:33 -0800
>
>
>> And according to the OpenSSL 0.9.7 code (crypto/x509/x509_vfy.c, around
>> line #200) it should work perfectly too. If you are using OpenSSL
>> 0.9.6 then you might consider upgrading to 0.9.7. It'll save you a
>> lot of time :)
>
> We're probably going to wait for 0.9.7b before we upgrade in our
> production environment. :)
This is a good idea but 0.9.6 is too old and have a lot of "minor
problems". 0.9.7 had a very long
"cull off" period and I believe that it actually 0.9.7b or 0.9.7c now.
And I just checked 0.9.6
sources and I do see that it returns an error w/o checking "trusted"
certs. I do not like your patch
because it accepts *any* self signed cert. Nothing is impossible and I
can write some glue code
to make additional check on xmlsec level but it just does not make any
sense to me. And I am going
to drop 0.9.6 support as I decleared many times :)
Aleksey