[xmlsec] X509 aux data with OpenSSL engine
Jesse Pelton
jsp at PKC.com
Fri May 2 11:12:47 PDT 2003
I'd like to be able to get at certain X509 auxiliary data (such as the
alias) after calling xmlSecOpenSSLAppPkcs12Load(). The function uses
X509_dup() to clone each certificate in the chain (as well as the key cert),
but X509_dup() does not copy auxiliary data. As a result, by the time
xmlSecOpenSSLAppPkcs12Load() returns, the auxiliary data is lost.

I think there are a couple of options:

1) I could load the PKCS12 file using OpenSSL calls after
xmlSecOpenSSLAppPkcs12Load() returns and clone whatever data I want.

2) xmlSecOpenSSLAppPkcs12Load() could be modified so that the original key
certificate is adopted, rather than a copy. I think this means pushing a
copy of the original certificate on the chain when PKCS12_parse() returns,
rather than the original.

The latter seems preferable, but I'm not sure it's feasible.