[xmlsec] New feature in xmlsec
Aleksey Sanin
aleksey at aleksey.com
Wed Feb 5 09:54:22 PST 2003
Hi, Jean-Etienne!
Thanks for the patch! I've applied and commited it with minor
modification to
allow 0 depths (just set the initial depth to 9 when we create
X509_STORE :) ).
I think that someone migth need it one day.
With best regards,
Aleksey.
jean-etienne.schwartz at bull.net wrote:
>Hello aleksey,
>
>at first, really thank you for your good ``xmlsec'' library.
>The hint of this feature is to improve the certificate verification
>by adding a limitation in the certificate chain. This is necessary because
>OpenSSL use a default maximum chain length of nine.
>
>The next 'diffs' are made on the xmlsec-0.0.12 tree
>The modifications in 'x509.c' are valid for OpenSSL-0.9.6 and OpenSSL-0.9.7
>The test against a 0 value of depth is for backward comptability (the key
>manager is
>initialized with this value) and for sematic: a value of 0 allow *ONLY*
>self signed
>certificates.
>
>Regards
> Jean-Etienne SCHWARTZ
>
>
>
More information about the xmlsec
mailing list