[xmlsec] Key certificates in XMLSec 0.1.1

Aleksey Sanin aleksey at aleksey.com
Fri Apr 4 08:58:56 PST 2003


Well, there is a problem. If you want to get/set an X509 certificate in
OpenSSL you have to use the X509* structure. However, in GnuTLS and NSS
it is not "X509*" but something completely different. I am using
"xmlSecCrypto..." macros in places where crypto engine differences are
"hidden" (for example, for loading a PKCS12 file).

Another question is to call these functions if they are not crypto
specific? You have different parameter types and different input value
types. Of course, one can use "void*" but I am trying to avoid it as
much as possible to prevent stupid typing errors.

Unfortunately, I don't have any good solution for you. You can try
serializing certificates to binary or XML format (regular key data
read/write methods) but probably it will not help you anyway. And if you
have any ideas about that please let me know. I'll be happy to fix this
too.


Aleksey


Jesse Pelton wrote:

>I'm exploring XMLSec 0.1.1.
>
>Background item 1: The OpenSSL implementation provides for storing and
>retrieving a keyCert, which is the certificate that is associated with the
>private key (in a PKCS12 file, for instance). PKCS12 loading is not
>implemented in XMLSec's NSS and GnuTLS engines.
>
>Background item 2: The simple keys store load and save routines do not
>handle this certificate. I'm writing my own keys manager and keys store
>routines, and I'd like to persist this information.
>
>The question: Assuming I have my facts straight, what's the best (robust and
>forward-compatible) way to obtain and set the key certificate? Since I'm
>using OpenSSL (at the moment), I can use
>xmlSecOpenSSLKeyDataX509GetKeyCert() and
>xmlSecOpenSSLKeyDataX509AdoptKeyCert(), but I'd prefer to use function names
>not tied to the implementation (like the xmlSecCrypto...() macros). Have I
>missed something? Are there plans for something of this sort? (I imagine
>that if they're not already there, it's because of uncertainty about
>implementation details in the other engines.)