[xmlsec] question: *X509VerifyAndExtractKey
Aleksey Sanin
aleksey@aleksey.com
Wed, 28 May 2003 18:39:46 -0700
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
<title></title>
</head>
<body>
<br>
<br>
Tejkumar Arora wrote:<br>
<blockquote type="cite" cite="mid3ED55D56.6050009@netscape.com">
<pre wrap="">A related question: Are you accounting for multiple <X509Data>
elements under <KeyInfo> ?.
I see in the logic that you call *X509VerifyAndExtractKey
immediately after reading one <X509Data> element.....
</pre>
</blockquote>
<br>
As I wrote in previous reply, I believe that all certificates from the
same certificates<br>
chain MUST be inside the same <dsig:X509Data/> element:<br>
<br>
" All such elements that refer to a particular individual
certificate MUST be grouped <br>
inside a single <code>X509Data</code> element and if the
certificate to which they refer appears, <br>
it MUST also be in that <code>X509Data</code> element."<br>
<br>
<br>
Aleksey<br>
<br>
<br>
</body>
</html>