[xmlsec] question: *X509VerifyAndExtractKey

Aleksey Sanin aleksey@aleksey.com
Wed, 28 May 2003 18:39:46 -0700


<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1">
  <title></title>
</head>
<body>
<br>
<br>
Tejkumar Arora wrote:<br>
<blockquote type="cite" cite="mid3ED55D56.6050009@netscape.com">
  <pre wrap="">A related question: Are you accounting for multiple &lt;X509Data&gt;
elements under &lt;KeyInfo&gt; ?.

I see in the logic that you call *X509VerifyAndExtractKey
immediately after reading one &lt;X509Data&gt; element.....
  </pre>
</blockquote>
<br>
As I wrote in previous reply, I believe that all certificates from the
same certificates<br>
chain MUST be inside the same &lt;dsig:X509Data/&gt; element:<br>
<br>
" All such elements that refer to a       particular individual
certificate MUST be grouped <br>
inside a single <code>X509Data</code> element and if the
certificate to which they refer appears, <br>
it MUST also be in that <code>X509Data</code> element."<br>
<br>
<br>
Aleksey<br>
<br>
<br>
</body>
</html>