[xmlsec] Re: Invalid certificate

Aleksey Sanin aleksey@aleksey.com
Wed, 24 Sep 2003 12:22:46 -0700


Yes, you are right. This needs to be fixed (including the "mixed" key type issue).
I would look at this tonight to see how bad the change is (i.e. how many files
would be affected).

Aleksey

Wouter wrote:

>>Ok, now we are getting somewhere :) The problem is that the test (and all
>>other xmlsec-crypto libraries) expect this file to be a public key in DER
>>format. Not a certificate. We already have several key types:
>>DER/PEM/PKCS12 and it sounds like there needs to be one or two more:
>>public key with a cert in DER/PEM formats. I would need to think about
>>that. I am not sure that I want to package these changes in the initial
>>xmlsec-mscrypto release. Probably we can file a bug and deal with this
>>later. I am glad that now we understand the problem :)
>
>I was misled by the fact that the header file where the keytype DER is
>defined has a comment that the type can also be used for certificates.
>Because of the limitation with MS Crypto API in supported formats of
>keys to be loaded, you can imagine it definitely needs support for
>loading a key by its certificate, or are there other ways to encrypt,
>for example, with a public key that is only available in the certificate?
>
>However, currently mscrypto support will try to load .der key files as if
>they contain certificates(!). What to do with that?
>
>Wouter