[xmlsec] External DTD support

Aleksey Sanin aleksey@aleksey.com
Wed, 22 Jan 2003 12:14:33 -0800


>
>
>> And according to the OpenSSL 0.9.7 code (crypto/x509/x509_vfy.c, around
>> line #200) it should work perfectly too. If you are using OpenSSL 
>> 0.9.6 then you might consider upgrading to 0.9.7. It'll save you a 
>> lot of time :)
>
> We're probably going to wait for 0.9.7b before we upgrade in our 
> production environment. :)

This is a good idea but 0.9.6 is too old and has a lot of "minor
problems". 0.9.7 had a very long "cull off" period and I believe that
it is actually 0.9.7b or 0.9.7c now. And I just checked 0.9.6 sources
and I do see that it returns an error w/o checking "trusted" certs. I
do not like your patch because it accepts *any* self signed cert.
Nothing is impossible and I can write some glue code to make additional
check on xmlsec level but it just does not make any sense to me. And I
am going to drop 0.9.6 support as I declared many times :)


Aleksey