[xmlsec] New feature in xmlsec

Aleksey Sanin aleksey@aleksey.com
Wed, 05 Feb 2003 09:54:22 -0800


Hi, Jean-Etienne!

Thanks for the patch! I've applied and commited it with minor 
modification to
allow 0 depths (just set the initial depth to 9 when we create 
X509_STORE :) ).
I think that someone migth need it one day.

With best regards,
Aleksey.

jean-etienne.schwartz@bull.net wrote:

>Hello aleksey,
>
>at first, really thank you for your good ``xmlsec'' library.
>The hint of this feature is to improve the certificate verification
>by adding a limitation in the certificate chain. This is necessary because
>OpenSSL use a default maximum chain length of nine.
>
>The next 'diffs' are made on the xmlsec-0.0.12 tree
>The modifications in 'x509.c' are valid for OpenSSL-0.9.6 and OpenSSL-0.9.7
>The test against a 0 value of depth is for backward comptability (the key
>manager is
>initialized with this value) and for sematic: a value of 0 allow *ONLY*
>self signed
>certificates.
>
>Regards
>     Jean-Etienne SCHWARTZ
>
>  
>