[xmlsec] Key certificates in XMLSec 0.1.1
Aleksey Sanin
aleksey@aleksey.com
Fri, 04 Apr 2003 08:58:56 -0800
Well, there is a problem. If you want to get/set X509 certificate in
OpenSSL you
have to use X509* structure. However, in GnuTLS and NSS it is not "X509*"
but something completely different. I am using "xmlSecCrypto... "
macroses in places
where crypto engine differences are "hidden" (for example, for loading
PKCS12 file).
Another question is to call these functions if they are not crypto
specific? You have
different parameter types and different input value types. Of course,
one can use
"void*" but Iam trying to avoid it as much as possible to prevent stupid
typing errors.
Unfortunately, I don't have any good solution for you. You can try to
use serializing
certificates to binary or XML format (regular key data read/write
methods) but
probably it will not help you anyway. And if you'll have any idea about
that please
let me know. I'll be happy to fix this too.
Aleksey
Jesse Pelton wrote:
>I'm exploring XMLSec 0.1.1.
>
>Background item 1: The OpenSSL implementation provides for storing and
>retrieving a keyCert, which is the certificate that is associated with the
>private key (in a PKCS12 file, for instance). PKCS12 loading is not
>implemented in XMLSec's NSS and GnuTLS engines.
>
>Background item 2: The simple keys store load and save routines do not
>handle this certificate. I'm writing my own keys manager and keys store
>routines, and I'd like to persist this information.
>
>The question: Assuming I have my facts straight, what's the best (robust and
>forward-compatible) way to obtain and set the key certificate? Since I'm
>using OpenSSL (at the moment), I can use
>xmlSecOpenSSLKeyDataX509GetKeyCert() and
>xmlSecOpenSSLKeyDataX509AdoptKeyCert(), but I'd prefer to use function names
>not tied to the implementation (like the xmlSecCrypto...() macros). Have I
>missed something? Are there plans for something of this sort? (I imagine
>that if they're not already there,it's because of uncertainty about
>implementation details in the other engines.)
>_______________________________________________
>xmlsec mailing list
>xmlsec@aleksey.com
>http://www.aleksey.com/mailman/listinfo/xmlsec
>
>